Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quotation.exe

Overview

General Information

Sample name:Quotation.exe
Analysis ID:1635982
MD5:d7be0a5d0582b7c0e0d24ff83c292a7b
SHA1:564ea25b0c3ba65f9d4dba39261a931bb8279d0b
SHA256:30dbfac0ff222e65cb13646954adfedc7a23f719644d029136b55b1bca1c1beb
Tags:exeuser-julianmckein
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SGDT)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Quotation.exe (PID: 5320 cmdline: "C:\Users\user\Desktop\Quotation.exe" MD5: D7BE0A5D0582B7C0E0D24FF83C292A7B)
    • Quotation.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\Quotation.exe" MD5: D7BE0A5D0582B7C0E0D24FF83C292A7B)
      • KINGXR0SWeeumOtY.exe (PID: 4216 cmdline: "C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\Dy7lHvmm.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • unregmp2.exe (PID: 7580 cmdline: "C:\Windows\SysWOW64\unregmp2.exe" MD5: 51629AAAF753C6411D0B7D37620B7A83)
          • KINGXR0SWeeumOtY.exe (PID: 3596 cmdline: "C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KB23yHNKa.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 7740 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.3732118914.0000000000DB0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000B.00000002.3733704972.00000000050C0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000A.00000002.3730543677.00000000006F0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000009.00000002.3731952033.0000000003410000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000007.00000002.1546681971.0000000000FB0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.Quotation.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              7.2.Quotation.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-12T09:26:12.088917+010028032742Potentially Bad Traffic192.168.2.649690172.67.74.152443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: Quotation.exeAvira: detected
                Multi AV Scanner detection for submitted file
                Source: Quotation.exeVirustotal: Detection: 56%Perma Link
                Source: Quotation.exeReversingLabs: Detection: 52%
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.3732118914.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3733704972.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730543677.00000000006F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3731952033.0000000003410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546681971.0000000000FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546023455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730002341.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1547946500.0000000001DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Quotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Quotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: unregmp2.pdb source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000002.3730779579.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000007.00000002.1546792335.00000000010A0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.00000000043F0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.000000000458E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1548182110.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1546312598.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Quotation.exe, Quotation.exe, 00000007.00000002.1546792335.00000000010A0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 0000000A.00000002.3732302629.00000000043F0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.000000000458E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1548182110.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1546312598.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: unregmp2.pdbGCTL source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000002.3730779579.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3729987946.000000000042F000.00000002.00000001.01000000.0000000A.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3729990823.000000000042F000.00000002.00000001.01000000.0000000A.sdmp
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0041C890 FindFirstFileW,FindNextFileW,FindClose,10_2_0041C890
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then xor eax, eax10_2_00409E70
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then pop edi10_2_0040E46B
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then mov ebx, 00000004h10_2_00EA04D5

                Networking

                barindex
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.031235064.xyz
                Source: DNS query: www.kdymqiac.xyz
                Source: DNS query: www.vrpin.xyz
                Source: DNS query: www.vaishnavi.xyz
                Source: Joe Sandbox ViewIP Address: 144.76.229.203 144.76.229.203
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49690 -> 172.67.74.152:443
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /wkxw/?GbuPwl=TJbeMNCVzJbaz+LLwsVz5kXH5SLm85BdWMKQuijz2H15lk8H7EsSFWgT2KubkbaIboygKPCObIJkGoLLT7ruITClQNqKSVmWjKfAadSI+fkwFG5nS7NRbUWAcDXofuUB2HX8A68=&bzE=Otudd HTTP/1.1Host: www.thykingdomwear.storeAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /m3m6/?GbuPwl=+NK36AM3hmT76eydBPkiGmX0J6XPOXR56lw+NRN+tyHumehemVQTQsTOx6Rc1RxJRXVs1h67aFn54B7ZI8aBke9j9nOyv5/BESRgYOf97NJnFhJTYjgeIyOudQlp32Yi191c780=&bzE=Otudd HTTP/1.1Host: www.empoweruplan.onlineAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /hhjx/?GbuPwl=tb1J/R4/FUG8T8rFqZTFOd06TqtDPW3K7jac719lrUnIXueuLdg6zfvXB2hW6128WBvdNuav/0vxPDwE7n1H8oIilsNDKvj/LGd8IYBFALb/sSAKDL+IxO6GrACwRBo7FEihkbI=&bzE=Otudd HTTP/1.1Host: www.superlog.netAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /v942/?GbuPwl=ESaEJVqT0NpCX2geTEYkHZbVMx6lk4kQKFVqnCtio4mC0JvTqQXl7WZYZA2hokgJobEsVu3MLHs09DxjHeTtLW9xB0dgZ33V2koAwUK+OFsJ7NNVB+Bk3z8qdTjcyiFzAC10DGU=&bzE=Otudd HTTP/1.1Host: www.cas32.topAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /dhv7/?GbuPwl=ReV4zADDfal1eT42rv8Zv4g88Pzo8tc5u5c2yWdTMNBRfsRQk73tVrR2RxQxJeZhdSYvF2pF9REj4XeSmpDQpnE2LvV/armFBuiMSLD4cGysRQXSmRQXPw1i86cU8yzbesvsgHs=&bzE=Otudd HTTP/1.1Host: www.truenorthcards.orgAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /yc6g/?GbuPwl=RO04B6r8C63MMnM0oSZAsTPKMFlp8dZ67/Te3uX0/sgfyiMQEud9aYTI8WQcb2wYmT8UdLGxrh6Aif7xfB2b+ODxeXinfwy15s530Nvm60GYGkh+odCaqihb3kSWEi9KGmC31kk=&bzE=Otudd HTTP/1.1Host: www.liangfeng.cloudAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /8ijm/?bzE=Otudd&GbuPwl=3MmuomCFjb5sH8pJAvXdylQZobnE/tgK1HGWeXinMTmcwEVNhJq0fBpce6PDgSuwML1VTpmHgny3ySu9aTXIt6qd5ofh+v1ncr0aqF2JD6fvbyNxma8dg5hJpJP4MvuD3hwxSyA= HTTP/1.1Host: www.031235064.xyzAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /q63r/?GbuPwl=5iCO/SGCYTV0fNpjUJr5KVTUaimbVjecuHttBDGx97NfuYijB23plIl9E+rExp4SAZvQF8jONiH7a0UOD2UXii7FWv3+9thBYYX9qDDaN8j7ScvdD8IC2baoRXVAX8QbBVFip5c=&bzE=Otudd HTTP/1.1Host: www.futuregate.websiteAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ess0/?GbuPwl=GzPs5zOT6ezY+FLfrre2osoZ0I7aTFW88vhHbYAKKsOv/6vxZP3NQR35rLqtjPimNLHuTaiKpgbMJpssOxVdKfm6nnGkMFRZMgHY9dqKagCFUpM/ERthPP9a4MlokroxvwrO4Ck=&bzE=Otudd HTTP/1.1Host: www.nextgengadgetz.bizAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /7zok/?GbuPwl=GQI9w8lNX55+U0/ra9pQU//+9t8343FfCNGsWU1DaX1Z/h0khP4oEt8n32E03FVQaebgCKvg08938IIWI67HI+Or/sJf7ZUqnwtChuRmmsQEm1QwNa84iS+V7M+gJis7Amk4QZg=&bzE=Otudd HTTP/1.1Host: www.vrpin.xyzAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /i0s8/?GbuPwl=cKFYCZeWtz0M8d78jqMA96oNhaQcYkdu8QRWWMq3URuPorTf+R+6WX3CKMzaiPEKoUpljgrg/WAe+xgmpoO5oyt+dUxdw26C8prIKKyEK9U8/xEZOybY34tD4y7j3zZvbGAraos=&bzE=Otudd HTTP/1.1Host: www.fplus.footballAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ee2l/?bzE=Otudd&GbuPwl=NwO1oE/0506dNdTsnAae1Xr8Dp1431gmKJpW7rHvXx9QinIf1zuH/8WfHSRrxVAkotgklB/cX3Ryq15IuyFdNYvPJ6XHadf8Ze7I3rAbK0j31YkheptkCGrEDU9gtMVJWFCib9I= HTTP/1.1Host: www.vaishnavi.xyzAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ez9t/?GbuPwl=a6hFe4BYwcMPEp77SRskHgvfVMbcZ4cfFPk2xNJFWBpmTSqMchsUC2fD85gSBLFUhwDE9uTwt2bpuTIhgJc2CJkquvpu3VHBuKep6xm5LC0ZmvSG69L+qSvOQyBmQBBI04GZY84=&bzE=Otudd HTTP/1.1Host: www.mamibosvip.cfdAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /w42a/?bzE=Otudd&GbuPwl=pgwvFd2qVFkp8GHfo07+vEFmAymI308KWtbcxblE5OocQ2rL0uuDSpi7EBanqjUwKHdRT8DV2x+AHx8z4xCcIfGCcUghoAZOFtJUGHbwzWOYMzF1cxmT40/f79OBWUVGj8GzMLo= HTTP/1.1Host: www.optimuminvestment.netAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko
                Source: global trafficDNS traffic detected: DNS query: www.thykingdomwear.store
                Source: global trafficDNS traffic detected: DNS query: www.empoweruplan.online
                Source: global trafficDNS traffic detected: DNS query: www.superlog.net
                Source: global trafficDNS traffic detected: DNS query: www.cas32.top
                Source: global trafficDNS traffic detected: DNS query: www.truenorthcards.org
                Source: global trafficDNS traffic detected: DNS query: www.liangfeng.cloud
                Source: global trafficDNS traffic detected: DNS query: www.031235064.xyz
                Source: global trafficDNS traffic detected: DNS query: www.futuregate.website
                Source: global trafficDNS traffic detected: DNS query: www.nextgengadgetz.biz
                Source: global trafficDNS traffic detected: DNS query: www.kdymqiac.xyz
                Source: global trafficDNS traffic detected: DNS query: www.vrpin.xyz
                Source: global trafficDNS traffic detected: DNS query: www.fplus.football
                Source: global trafficDNS traffic detected: DNS query: www.vaishnavi.xyz
                Source: global trafficDNS traffic detected: DNS query: www.mamibosvip.cfd
                Source: global trafficDNS traffic detected: DNS query: www.optimuminvestment.net
                Source: global trafficDNS traffic detected: DNS query: www.tuongminhjsc.click
                Source: unknownHTTP traffic detected: POST /m3m6/ HTTP/1.1Host: www.empoweruplan.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Origin: http://www.empoweruplan.onlineCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 211Connection: closeReferer: http://www.empoweruplan.online/m3m6/User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MAARJS; rv:11.0) like GeckoData Raw: 47 62 75 50 77 6c 3d 7a 50 69 58 35 30 6c 66 67 53 61 39 37 72 54 72 4f 4f 4d 4e 51 55 54 32 50 6f 50 4c 46 48 39 2f 74 6e 6c 76 64 42 46 67 71 31 76 58 6b 2f 49 77 72 41 5a 5a 44 2b 33 44 7a 62 31 62 6f 79 70 31 4f 58 31 54 78 78 71 68 64 6b 66 46 35 6b 72 4b 57 71 43 45 72 35 67 57 7a 48 4f 6b 7a 4a 44 75 58 52 68 62 50 66 7a 6b 36 65 77 38 46 32 38 76 46 52 64 76 4b 54 61 6d 43 44 59 32 71 78 41 71 31 36 5a 38 2f 4b 54 56 71 6a 35 39 61 50 41 36 32 36 4b 70 64 70 36 41 68 68 6f 43 78 4a 42 74 45 45 75 78 52 46 59 76 4c 4f 64 55 6c 35 6e 55 6e 45 6d 4a 7a 66 72 4f 58 49 34 48 64 68 42 49 64 53 6c 36 66 6d 33 36 66 44 78 37 Data Ascii: GbuPwl=zPiX50lfgSa97rTrOOMNQUT2PoPLFH9/tnlvdBFgq1vXk/IwrAZZD+3Dzb1boyp1OX1TxxqhdkfF5krKWqCEr5gWzHOkzJDuXRhbPfzk6ew8F28vFRdvKTamCDY2qxAq16Z8/KTVqj59aPA626Kpdp6AhhoCxJBtEEuxRFYvLOdUl5nUnEmJzfrOXI4HdhBIdSl6fm36fDx7
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:27:30 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 68 6a 78 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hhjx/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:27:32 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 68 6a 78 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hhjx/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:27:35 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 68 6a 78 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hhjx/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:27:37 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 68 6a 78 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hhjx/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 12 Mar 2025 08:27:45 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 12 Mar 2025 08:27:48 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 12 Mar 2025 08:27:51 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 12 Mar 2025 08:27:53 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 100X-WS-RateLimit-Remaining: 99Date: Wed, 12 Mar 2025 08:27:59 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 100X-WS-RateLimit-Remaining: 99Date: Wed, 12 Mar 2025 08:28:01 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 100X-WS-RateLimit-Remaining: 99Date: Wed, 12 Mar 2025 08:28:04 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeX-WS-RateLimit-Limit: 100X-WS-RateLimit-Remaining: 99Date: Wed, 12 Mar 2025 08:28:06 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:26 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:34 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:40 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:42 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:45 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:28:47 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:41 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:44 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:46 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:49 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:55 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JtzIiqDBBNb%2FKhQswXo4egALPTrh8Z7dLvHNTlyeap%2F01Z7LRThibioZwtEKMeff6y2eZjWwR%2BR2Ze5q4ApJ34sjIlf%2BGaNnpeIa%2F6kOijFPwhz7%2FRhGHEd6o7ttN4eDkcieNbg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91f1ed2fc8d4330c-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2096&min_rtt=2096&rtt_var=1048&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=625&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 6e c2 30 10 44 ef fe 8a 2d f7 66 43 c5 a1 87 d5 4a 85 04 81 94 d2 88 9a 03 47 83 17 39 12 89 53 db 10 f5 ef ab 04 21 f5 3a f3 66 34 43 2f c5 d7 4a 1f eb 12 36 fa b3 82 fa b0 ac b6 2b 98 bd 22 6e 4b bd 46 2c 74 f1 70 de b2 1c b1 dc cd 58 91 4b ed 95 c9 89 b1 ac 28 35 e9 2a bc c8 17 b0 f3 09 d6 fe d6 59 c2 87 a8 08 27 88 4e de fe 8e b9 39 ff 63 dc 9c 15 f5 ac 9d 40 90 9f 9b c4 24 16 0e fb 0a 06 13 a1 f3 09 2e 23 07 be 83 e4 9a 08 51 c2 5d 42 46 d8 8f 4d 81 15 19 6b 83 c4 c8 1f bd 39 3b 81 ef 09 00 93 60 18 86 ac 35 6d 73 f2 f1 de f4 d9 f9 62 a1 f6 21 c1 7b 4e f8 0c 29 c2 69 15 e1 f4 e6 0f 00 00 ff ff e3 02 00 86 bb 6f 06 08 01 00 00 0d 0a Data Ascii: e2Ln0D-fCJG9S!:f4C/J6+"nKF,tpXK(5*Y'N9c@$.#Q]BFMk9;`5msb!{N)io
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:29:57 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UX92HM%2FH7IEYE%2BTbW2dT30rNjAFHR2ZE2voOUmC3%2FXptcxD%2BbPIb2CRhucbROZ6g8TYRwx5xqYIKCBseN5DPa9FDPyhU%2BO3UMaD4SbQxLwCjtahbVrHpD%2F3WH7IcsAp1zvJfgw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91f1ed3fcb214357-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1663&min_rtt=1663&rtt_var=831&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=649&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 6e c2 30 10 44 ef fe 8a 2d f7 66 43 c5 a1 87 d5 4a 85 04 81 94 d2 88 9a 03 47 83 17 39 12 89 53 db 10 f5 ef ab 04 21 f5 3a f3 66 34 43 2f c5 d7 4a 1f eb 12 36 fa b3 82 fa b0 ac b6 2b 98 bd 22 6e 4b bd 46 2c 74 f1 70 de b2 1c b1 dc cd 58 91 4b ed 95 c9 89 b1 ac 28 35 e9 2a bc c8 17 b0 f3 09 d6 fe d6 59 c2 87 a8 08 27 88 4e de fe 8e b9 39 ff 63 dc 9c 15 f5 ac 9d 40 90 9f 9b c4 24 16 0e fb 0a 06 13 a1 f3 09 2e 23 07 be 83 e4 9a 08 51 c2 5d 42 46 d8 8f 4d 81 15 19 6b 83 c4 c8 1f bd 39 3b 81 ef 09 00 93 60 18 86 ac 35 6d 73 f2 f1 de f4 d9 f9 62 a1 f6 21 c1 7b 4e f8 0c 29 c2 69 15 e1 f4 e6 0f 00 00 ff ff e3 02 00 86 bb 6f 06 08 01 00 00 0d 0a Data Ascii: e2Ln0D-fCJG9S!:f4C/J6+"nKF,tpXK(5*Y'N9c@$.#Q]BFMk9;`5msb!{N)io
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jzw4PQyv9UBn0OAMYQFHm%2FEb65FVppJ4U430lqU7LeyOtsKLjQDuTo1DPk37oXYnf2VGkGkJLdDRx0Q5GGTmlUjvzECQaafLeSdslQ4gKoub8fIGlT8d0vPDCfZJpUt7blVtFM4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91f1ed4f9f646a53-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=809&delivery_rate=0&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 6e c2 30 10 44 ef fe 8a 2d f7 66 43 c5 a1 87 d5 4a 85 04 81 94 d2 88 9a 03 47 83 17 39 12 89 53 db 10 f5 ef ab 04 21 f5 3a f3 66 34 43 2f c5 d7 4a 1f eb 12 36 fa b3 82 fa b0 ac b6 2b 98 bd 22 6e 4b bd 46 2c 74 f1 70 de b2 1c b1 dc cd 58 91 4b ed 95 c9 89 b1 ac 28 35 e9 2a bc c8 17 b0 f3 09 d6 fe d6 59 c2 87 a8 08 27 88 4e de fe 8e b9 39 ff 63 dc 9c 15 f5 ac 9d 40 90 9f 9b c4 24 16 0e fb 0a 06 13 a1 f3 09 2e 23 07 be 83 e4 9a 08 51 c2 5d 42 46 d8 8f 4d 81 15 19 6b 83 c4 c8 1f bd 39 3b 81 ef 09 00 93 60 18 86 ac 35 6d 73 f2 f1 de f4 d9 f9 62 a1 f6 21 c1 7b 4e f8 0c 29 c2 69 15 e1 f4 e6 0f 00 00 ff ff e3 02 00 86 bb 6f 06 08 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e2Ln0D-fCJG9S!:f4C/J6+"nKF,tpXK(5*Y'N9c@$.#Q]BFMk9;`5msb!{N)io0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:02 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NPPo7hrPHyyM1tEfGKNsCkklcICPTTwSg2OVc0HUDaX3emJfPcrC1W3LefAXWTgbqu9gF8u48JJ01tDFNthK1z7lQqr7QeMK%2BHuaaUgj8cqV0hyUXdId8iFKJS%2F1dGDy99836gs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91f1ed5faa4cb785-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2094&min_rtt=2094&rtt_var=1047&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=358&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 30 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6d 61 6d 69 62 6f 73 76 69 70 2e 63 66 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 108<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.mamibosvip.cfd Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"67d01f78-b8d"Server: PythonAnywhereContent-Encoding: gzipData Raw: 34 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 56 61 6f db 36 10 fd de 5f 71 11 86 75 03 6c ab 49 16 60 70 15 6f c1 ba ae fb d0 6e 40 12 14 fb 48 49 94 c5 85 22 05 92 8a e2 0e fd ef 7d 47 d9 89 15 39 68 56 23 40 2c 8a 77 bc 77 f7 de a3 b3 3a 34 7a f5 82 f0 c9 6a 29 ca e1 6b 7c 6c 64 10 54 d4 c2 79 19 ce 93 eb ab b7 f3 9f 93 bd d7 41 05 2d 57 bf d9 46 99 35 5d 5a 6b 96 f4 f7 26 d4 d6 5c 98 4d 5f 4b 27 b3 74 d8 12 93 c7 8c 3e 6c 10 72 ff cc 6b b9 2d 37 f4 df 68 89 97 2b 6b c2 bc 12 8d d2 9b 25 bd 93 fa 56 06 55 88 19 5d 38 25 f4 8c bc 30 7e ee a5 53 d5 eb 49 68 af ca 50 2f e9 ec d5 ab f6 6e fa b6 11 6e ad cc 5c cb 2a 2c 49 74 c1 3e b9 c5 a9 75 fd b5 3d c1 b6 4b 3a 99 1c f4 f9 c5 a8 aa fa f8 6b 08 af 9c cc bb a2 96 81 de 5f ce fe 07 de 47 07 2d 2a eb e6 5e 05 39 b7 bd 91 ee a9 53 bd fa 24 97 e4 1b a1 b5 74 4f e2 8f d8 4e 27 d8 78 3a 85 d5 d6 2d 69 ed c4 66 1c fe f9 1e 77 96 ee 0d 3b 4b 07 6a c5 b7 19 8f fc 81 04 99 6a d6 e4 5d 71 9e d4 21 b4 7e 99 a6 fe 74 21 1a f1 c9 1a d1 fb 45 61 9b b4 8d b4 12 5b 5a cd a5 73 80 a9 1a b1 96 3e d5 76 6d e7 27 a7 3f dd 9d 9e 2d 5a b3 4e 28 5d 3d 34 3f 2b d5 2d 15 5a 78 7f 9e 34 42 99 3d fa 32 8c ac 3e de e7 ef 11 ca 3c de 8b 8e 5b da 87 4a f9 99 3f 57 b5 f2 84 bf b5 65 e6 07 4b b9 24 61 6c 00 e7 d1 12 29 02 f5 32 e7 29 50 6d 7d 90 25 e5 9b fb b6 0c 19 70 b4 a0 da c9 ea 01 74 df f7 8b 31 ce 08 3d 59 3d d6 94 58 2d 46 d9 b2 14 25 8e 57 0e d4 3c ce 42 5a 06 4f 1b db c5 0a 67 e4 3a 33 03 84 12 83 2d e5 56 c5 a4 0c 01 12 da 67 bb 72 7c 24 83 f8 ab 73 54 39 29 a9 d5 c2 d0 5a dd ca 21 a1 28 0a e9 3d 77 a5 11 45 ad 0c 96 7b 15 ea 51 81 1c 2f 6f a5 c3 58 b9 83 42 a3 69 70 01 d8 0c 75 2d a4 ef b8 b4 05 fd 83 fa 0a 24 2f b1 57 db 36 16 c8 1d 9d e4 c2 6e 77 df 73 44 83 29 34 8c 23 e2 29 95 93 45 d0 1b d4 6b 1b 4e ed 28 77 b6 87 7d 4c 32 71 a9 b6 0b 54 8b db ed 6c 95 f1 01 3a 21 6f ab d0 0b 27 09 f9 1b 61 c0 bd 21 13 84 86 c2 1d d0 8c 7b f4 bc b1 7c 90 a0 47 63 91 b6 b5 bd 74 bf d0 75 0b 51 95 58 e4 b6 7a c2 d9 2e 10 18 f5 dd 59 da c0 12 eb 6f 39 e4 f9 5c db 75 bc 52 e0 02 f7 21 96 26 72 fe fa 88 41 6c f0 8b 2c 15 ab 51 0f 23 6a 1e 2f 7f b2 14 f2 db e3 e6 be 1a c7 46 35 d1 e5 c9 ea cd 30 74 48 4a 99 ca 42 99 27 7b 99 62 f6 03 2c 7f a7 8e 88 fe ac c0 db 41 a1 71 d6 e3 c2 e7 5b 4d b2 3e 67 4c 70 c3 73 7c e9 e4 08 07 1f 20 74 03 b2 f1 16 8c e7 fb a6 14 be 7e cd 7b e9 df 0e cb 86 27 07 96 17 2c f8 03 c1 cc 47 12 6d cb 7b 6a 48 4b cb a1 aa d2 b2 11 7d cb 18 ff b0 9c 8b 25 99 7c 94 79 42 41 e4 e8 8d 57 e5 f4 f4 31 e4 41 d9 5a 15 37 94 5c 94 25 09 14 df ef ea 4b c6 a5 30 70 34 90 61 ee 64 09 2d c0 df 76 fb 63 32 7e dd 0b 83 e6 58 ea 3c 23 93 b8 92 1b 98 05 fb 07 0b 38 4e 60 c0 3a 69 ec 0f 5e 6c e0 99 85 e0 50 6e 3e f2 c7 9e 76 3b f2 b3 15 0d f9 39 31 26 35 c9 c1 15 e4 9d d2 51 1c 19 1f bb c2 92 43 46 67 50 c8 01 2b cd d2 b
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"67d01f78-b8d"Server: PythonAnywhereContent-Encoding: gzipData Raw: 34 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 56 61 6f db 36 10 fd de 5f 71 11 86 75 03 6c ab 49 16 60 70 15 6f c1 ba ae fb d0 6e 40 12 14 fb 48 49 94 c5 85 22 05 92 8a e2 0e fd ef 7d 47 d9 89 15 39 68 56 23 40 2c 8a 77 bc 77 f7 de a3 b3 3a 34 7a f5 82 f0 c9 6a 29 ca e1 6b 7c 6c 64 10 54 d4 c2 79 19 ce 93 eb ab b7 f3 9f 93 bd d7 41 05 2d 57 bf d9 46 99 35 5d 5a 6b 96 f4 f7 26 d4 d6 5c 98 4d 5f 4b 27 b3 74 d8 12 93 c7 8c 3e 6c 10 72 ff cc 6b b9 2d 37 f4 df 68 89 97 2b 6b c2 bc 12 8d d2 9b 25 bd 93 fa 56 06 55 88 19 5d 38 25 f4 8c bc 30 7e ee a5 53 d5 eb 49 68 af ca 50 2f e9 ec d5 ab f6 6e fa b6 11 6e ad cc 5c cb 2a 2c 49 74 c1 3e b9 c5 a9 75 fd b5 3d c1 b6 4b 3a 99 1c f4 f9 c5 a8 aa fa f8 6b 08 af 9c cc bb a2 96 81 de 5f ce fe 07 de 47 07 2d 2a eb e6 5e 05 39 b7 bd 91 ee a9 53 bd fa 24 97 e4 1b a1 b5 74 4f e2 8f d8 4e 27 d8 78 3a 85 d5 d6 2d 69 ed c4 66 1c fe f9 1e 77 96 ee 0d 3b 4b 07 6a c5 b7 19 8f fc 81 04 99 6a d6 e4 5d 71 9e d4 21 b4 7e 99 a6 fe 74 21 1a f1 c9 1a d1 fb 45 61 9b b4 8d b4 12 5b 5a cd a5 73 80 a9 1a b1 96 3e d5 76 6d e7 27 a7 3f dd 9d 9e 2d 5a b3 4e 28 5d 3d 34 3f 2b d5 2d 15 5a 78 7f 9e 34 42 99 3d fa 32 8c ac 3e de e7 ef 11 ca 3c de 8b 8e 5b da 87 4a f9 99 3f 57 b5 f2 84 bf b5 65 e6 07 4b b9 24 61 6c 00 e7 d1 12 29 02 f5 32 e7 29 50 6d 7d 90 25 e5 9b fb b6 0c 19 70 b4 a0 da c9 ea 01 74 df f7 8b 31 ce 08 3d 59 3d d6 94 58 2d 46 d9 b2 14 25 8e 57 0e d4 3c ce 42 5a 06 4f 1b db c5 0a 67 e4 3a 33 03 84 12 83 2d e5 56 c5 a4 0c 01 12 da 67 bb 72 7c 24 83 f8 ab 73 54 39 29 a9 d5 c2 d0 5a dd ca 21 a1 28 0a e9 3d 77 a5 11 45 ad 0c 96 7b 15 ea 51 81 1c 2f 6f a5 c3 58 b9 83 42 a3 69 70 01 d8 0c 75 2d a4 ef b8 b4 05 fd 83 fa 0a 24 2f b1 57 db 36 16 c8 1d 9d e4 c2 6e 77 df 73 44 83 29 34 8c 23 e2 29 95 93 45 d0 1b d4 6b 1b 4e ed 28 77 b6 87 7d 4c 32 71 a9 b6 0b 54 8b db ed 6c 95 f1 01 3a 21 6f ab d0 0b 27 09 f9 1b 61 c0 bd 21 13 84 86 c2 1d d0 8c 7b f4 bc b1 7c 90 a0 47 63 91 b6 b5 bd 74 bf d0 75 0b 51 95 58 e4 b6 7a c2 d9 2e 10 18 f5 dd 59 da c0 12 eb 6f 39 e4 f9 5c db 75 bc 52 e0 02 f7 21 96 26 72 fe fa 88 41 6c f0 8b 2c 15 ab 51 0f 23 6a 1e 2f 7f b2 14 f2 db e3 e6 be 1a c7 46 35 d1 e5 c9 ea cd 30 74 48 4a 99 ca 42 99 27 7b 99 62 f6 03 2c 7f a7 8e 88 fe ac c0 db 41 a1 71 d6 e3 c2 e7 5b 4d b2 3e 67 4c 70 c3 73 7c e9 e4 08 07 1f 20 74 03 b2 f1 16 8c e7 fb a6 14 be 7e cd 7b e9 df 0e cb 86 27 07 96 17 2c f8 03 c1 cc 47 12 6d cb 7b 6a 48 4b cb a1 aa d2 b2 11 7d cb 18 ff b0 9c 8b 25 99 7c 94 79 42 41 e4 e8 8d 57 e5 f4 f4 31 e4 41 d9 5a 15 37 94 5c 94 25 09 14 df ef ea 4b c6 a5 30 70 34 90 61 ee 64 09 2d c0 df 76 fb 63 32 7e dd 0b 83 e6 58 ea 3c 23 93 b8 92 1b 98 05 fb 07 0b 38 4e 60 c0 3a 69 ec 0f 5e 6c e0 99 85 e0 50 6e 3e f2 c7 9e 76 3b f2 b3 15 0d f9 39 31 26 35 c9 c1 15 e4 9d d2 51 1c 19 1f bb c2 92 43 46 67 50 c8 01 2b cd d2 b
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"67d01f78-b8d"Server: PythonAnywhereContent-Encoding: gzipData Raw: 34 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 56 61 6f db 36 10 fd de 5f 71 11 86 75 03 6c ab 49 16 60 70 15 6f c1 ba ae fb d0 6e 40 12 14 fb 48 49 94 c5 85 22 05 92 8a e2 0e fd ef 7d 47 d9 89 15 39 68 56 23 40 2c 8a 77 bc 77 f7 de a3 b3 3a 34 7a f5 82 f0 c9 6a 29 ca e1 6b 7c 6c 64 10 54 d4 c2 79 19 ce 93 eb ab b7 f3 9f 93 bd d7 41 05 2d 57 bf d9 46 99 35 5d 5a 6b 96 f4 f7 26 d4 d6 5c 98 4d 5f 4b 27 b3 74 d8 12 93 c7 8c 3e 6c 10 72 ff cc 6b b9 2d 37 f4 df 68 89 97 2b 6b c2 bc 12 8d d2 9b 25 bd 93 fa 56 06 55 88 19 5d 38 25 f4 8c bc 30 7e ee a5 53 d5 eb 49 68 af ca 50 2f e9 ec d5 ab f6 6e fa b6 11 6e ad cc 5c cb 2a 2c 49 74 c1 3e b9 c5 a9 75 fd b5 3d c1 b6 4b 3a 99 1c f4 f9 c5 a8 aa fa f8 6b 08 af 9c cc bb a2 96 81 de 5f ce fe 07 de 47 07 2d 2a eb e6 5e 05 39 b7 bd 91 ee a9 53 bd fa 24 97 e4 1b a1 b5 74 4f e2 8f d8 4e 27 d8 78 3a 85 d5 d6 2d 69 ed c4 66 1c fe f9 1e 77 96 ee 0d 3b 4b 07 6a c5 b7 19 8f fc 81 04 99 6a d6 e4 5d 71 9e d4 21 b4 7e 99 a6 fe 74 21 1a f1 c9 1a d1 fb 45 61 9b b4 8d b4 12 5b 5a cd a5 73 80 a9 1a b1 96 3e d5 76 6d e7 27 a7 3f dd 9d 9e 2d 5a b3 4e 28 5d 3d 34 3f 2b d5 2d 15 5a 78 7f 9e 34 42 99 3d fa 32 8c ac 3e de e7 ef 11 ca 3c de 8b 8e 5b da 87 4a f9 99 3f 57 b5 f2 84 bf b5 65 e6 07 4b b9 24 61 6c 00 e7 d1 12 29 02 f5 32 e7 29 50 6d 7d 90 25 e5 9b fb b6 0c 19 70 b4 a0 da c9 ea 01 74 df f7 8b 31 ce 08 3d 59 3d d6 94 58 2d 46 d9 b2 14 25 8e 57 0e d4 3c ce 42 5a 06 4f 1b db c5 0a 67 e4 3a 33 03 84 12 83 2d e5 56 c5 a4 0c 01 12 da 67 bb 72 7c 24 83 f8 ab 73 54 39 29 a9 d5 c2 d0 5a dd ca 21 a1 28 0a e9 3d 77 a5 11 45 ad 0c 96 7b 15 ea 51 81 1c 2f 6f a5 c3 58 b9 83 42 a3 69 70 01 d8 0c 75 2d a4 ef b8 b4 05 fd 83 fa 0a 24 2f b1 57 db 36 16 c8 1d 9d e4 c2 6e 77 df 73 44 83 29 34 8c 23 e2 29 95 93 45 d0 1b d4 6b 1b 4e ed 28 77 b6 87 7d 4c 32 71 a9 b6 0b 54 8b db ed 6c 95 f1 01 3a 21 6f ab d0 0b 27 09 f9 1b 61 c0 bd 21 13 84 86 c2 1d d0 8c 7b f4 bc b1 7c 90 a0 47 63 91 b6 b5 bd 74 bf d0 75 0b 51 95 58 e4 b6 7a c2 d9 2e 10 18 f5 dd 59 da c0 12 eb 6f 39 e4 f9 5c db 75 bc 52 e0 02 f7 21 96 26 72 fe fa 88 41 6c f0 8b 2c 15 ab 51 0f 23 6a 1e 2f 7f b2 14 f2 db e3 e6 be 1a c7 46 35 d1 e5 c9 ea cd 30 74 48 4a 99 ca 42 99 27 7b 99 62 f6 03 2c 7f a7 8e 88 fe ac c0 db 41 a1 71 d6 e3 c2 e7 5b 4d b2 3e 67 4c 70 c3 73 7c e9 e4 08 07 1f 20 74 03 b2 f1 16 8c e7 fb a6 14 be 7e cd 7b e9 df 0e cb 86 27 07 96 17 2c f8 03 c1 cc 47 12 6d cb 7b 6a 48 4b cb a1 aa d2 b2 11 7d cb 18 ff b0 9c 8b 25 99 7c 94 79 42 41 e4 e8 8d 57 e5 f4 f4 31 e4 41 d9 5a 15 37 94 5c 94 25 09 14 df ef ea 4b c6 a5 30 70 34 90 61 ee 64 09 2d c0 df 76 fb 63 32 7e dd 0b 83 e6 58 ea 3c 23 93 b8 92 1b 98 05 fb 07 0b 38 4e 60 c0 3a 69 ec 0f 5e 6c e0 99 85 e0 50 6e 3e f2 c7 9e 76 3b f2 b3 15 0d f9 39 31 26 35 c9 c1 15 e4 9d d2 51 1c 19 1f bb c2 92 43 46 67 50 c8 01 2b cd d2 b
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 12 Mar 2025 08:30:15 GMTContent-Type: text/htmlContent-Length: 2957Connection: closeETag: "67d01f78-b8d"Server: PythonAnywhereData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 3a 20 50 79 74 68 6f 6e 41 6e 79 77 68 65 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 72 65 62 75 63 68 65 74 20 4d 53 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 66 6f 72 2d 73 69 74 65 2d 6f 77 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 67 72 61 79 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 79 74 68 6f 6e 61 6e 79 77 68 65 72 65 2d 65 72 72 6f 72 2d 69 6d 61 67 65 73 2f 6c 6f 67 6f 2d 32 33 34 78 33 35 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 21 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 54 68 69 73 20 69 73 20 67 6f 69 6e 67 20 74 6f 20 62 65 20 61 6e 6f 74 68 65 72 20 67 72 65 61 74 20 77 65 62 73 69 74 65 20 68 6f 73 74 65 64 20 62 79 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 79 74 68 6f 6e 61 6e 79 77 68 65 72 65 2e 63 6f 6d 2f 22 3e 50 79 74 68 6f 6e 41 6e 79 77
                Source: KINGXR0SWeeumOtY.exe, 0000000B.00000002.3733704972.0000000005159000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tuongminhjsc.click
                Source: KINGXR0SWeeumOtY.exe, 0000000B.00000002.3733704972.0000000005159000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tuongminhjsc.click/f5qk/
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20-
                Source: unregmp2.exe, 0000000A.00000002.3732885355.0000000005902000.00000004.10000000.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3732053293.0000000003B72000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: unregmp2.exe, 0000000A.00000002.3732885355.0000000006400000.00000004.10000000.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3732053293.0000000004670000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.pythonanywhere.com/pages/UsingANewDomainForExistingWebApp
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: unregmp2.exe, 0000000A.00000003.1722264046.00000000076CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033B
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000079B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: unregmp2.exe, 0000000A.00000002.3732885355.0000000006400000.00000004.10000000.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3732053293.0000000004670000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://s3.amazonaws.com/pythonanywhere-error-images/logo-234x35.png
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                Source: unregmp2.exe, 0000000A.00000002.3734964274.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp
                Source: KINGXR0SWeeumOtY.exe, 0000000B.00000002.3732053293.0000000004670000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.pythonanywhere.com/
                Source: unregmp2.exe, 0000000A.00000002.3732885355.0000000006400000.00000004.10000000.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3732053293.0000000004670000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.pythonanywhere.com/forums/

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.3732118914.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3733704972.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730543677.00000000006F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3731952033.0000000003410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546681971.0000000000FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546023455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730002341.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1547946500.0000000001DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                barindex
                .NET source code contains very large array initializations
                Source: Quotation.exe, MainForm.csLarge array initialization: MainForm: array initializer size 3170
                Source: Quotation.exe, EmployeeDbContext.csLarge array initialization: : array initializer size 643928
                Source: 10.2.unregmp2.exe.4a1cd14.2.raw.unpack, MainForm.csLarge array initialization: MainForm: array initializer size 3170
                Source: 10.2.unregmp2.exe.4a1cd14.2.raw.unpack, EmployeeDbContext.csLarge array initialization: : array initializer size 643928
                Source: 11.2.KINGXR0SWeeumOtY.exe.2c8cd14.1.raw.unpack, MainForm.csLarge array initialization: MainForm: array initializer size 3170
                Source: 11.2.KINGXR0SWeeumOtY.exe.2c8cd14.1.raw.unpack, EmployeeDbContext.csLarge array initialization: : array initializer size 643928
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: Quotation.exe
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0042CC93 NtClose,7_2_0042CC93
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112B60 NtClose,LdrInitializeThunk,7_2_01112B60
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_01112DF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_01112C70
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011135C0 NtCreateMutant,LdrInitializeThunk,7_2_011135C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01114340 NtSetContextThread,7_2_01114340
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01114650 NtSuspendThread,7_2_01114650
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112B80 NtQueryInformationFile,7_2_01112B80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112BA0 NtEnumerateValueKey,7_2_01112BA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112BF0 NtAllocateVirtualMemory,7_2_01112BF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112BE0 NtQueryValueKey,7_2_01112BE0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112AB0 NtWaitForSingleObject,7_2_01112AB0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112AD0 NtReadFile,7_2_01112AD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112AF0 NtWriteFile,7_2_01112AF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112D10 NtMapViewOfSection,7_2_01112D10
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112D00 NtSetInformationFile,7_2_01112D00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112D30 NtUnmapViewOfSection,7_2_01112D30
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112DB0 NtEnumerateKey,7_2_01112DB0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112DD0 NtDelayExecution,7_2_01112DD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112C00 NtQueryInformationProcess,7_2_01112C00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112C60 NtCreateKey,7_2_01112C60
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112CA0 NtQueryInformationToken,7_2_01112CA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112CC0 NtQueryVirtualMemory,7_2_01112CC0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112CF0 NtOpenProcess,7_2_01112CF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112F30 NtCreateSection,7_2_01112F30
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112F60 NtCreateProcessEx,7_2_01112F60
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112F90 NtProtectVirtualMemory,7_2_01112F90
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112FB0 NtResumeThread,7_2_01112FB0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112FA0 NtQuerySection,7_2_01112FA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112FE0 NtCreateFile,7_2_01112FE0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112E30 NtWriteVirtualMemory,7_2_01112E30
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112E80 NtReadVirtualMemory,7_2_01112E80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112EA0 NtAdjustPrivilegesToken,7_2_01112EA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112EE0 NtQueueApcThread,7_2_01112EE0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01113010 NtOpenDirectoryObject,7_2_01113010
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01113090 NtSetValueKey,7_2_01113090
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011139B0 NtGetContextThread,7_2_011139B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01113D10 NtOpenProcessToken,7_2_01113D10
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01113D70 NtOpenThread,7_2_01113D70
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04464650 NtSuspendThread,LdrInitializeThunk,10_2_04464650
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04464340 NtSetContextThread,LdrInitializeThunk,10_2_04464340
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462C60 NtCreateKey,LdrInitializeThunk,10_2_04462C60
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_04462C70
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_04462CA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462D10 NtMapViewOfSection,LdrInitializeThunk,10_2_04462D10
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_04462D30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462DD0 NtDelayExecution,LdrInitializeThunk,10_2_04462DD0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_04462DF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462EE0 NtQueueApcThread,LdrInitializeThunk,10_2_04462EE0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_04462E80
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462F30 NtCreateSection,LdrInitializeThunk,10_2_04462F30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462FE0 NtCreateFile,LdrInitializeThunk,10_2_04462FE0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462FB0 NtResumeThread,LdrInitializeThunk,10_2_04462FB0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462AD0 NtReadFile,LdrInitializeThunk,10_2_04462AD0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462AF0 NtWriteFile,LdrInitializeThunk,10_2_04462AF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462B60 NtClose,LdrInitializeThunk,10_2_04462B60
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462BE0 NtQueryValueKey,LdrInitializeThunk,10_2_04462BE0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04462BF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_04462BA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044635C0 NtCreateMutant,LdrInitializeThunk,10_2_044635C0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044639B0 NtGetContextThread,LdrInitializeThunk,10_2_044639B0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462C00 NtQueryInformationProcess,10_2_04462C00
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462CC0 NtQueryVirtualMemory,10_2_04462CC0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462CF0 NtOpenProcess,10_2_04462CF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462D00 NtSetInformationFile,10_2_04462D00
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462DB0 NtEnumerateKey,10_2_04462DB0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462E30 NtWriteVirtualMemory,10_2_04462E30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462EA0 NtAdjustPrivilegesToken,10_2_04462EA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462F60 NtCreateProcessEx,10_2_04462F60
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462F90 NtProtectVirtualMemory,10_2_04462F90
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462FA0 NtQuerySection,10_2_04462FA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462AB0 NtWaitForSingleObject,10_2_04462AB0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04462B80 NtQueryInformationFile,10_2_04462B80
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04463010 NtOpenDirectoryObject,10_2_04463010
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04463090 NtSetValueKey,10_2_04463090
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04463D70 NtOpenThread,10_2_04463D70
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04463D10 NtOpenProcessToken,10_2_04463D10
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00429480 NtCreateFile,10_2_00429480
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_004295F0 NtReadFile,10_2_004295F0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_004296F0 NtDeleteFile,10_2_004296F0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_004297A0 NtClose,10_2_004297A0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00429900 NtAllocateVirtualMemory,10_2_00429900
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAF299 NtReadVirtualMemory,10_2_00EAF299
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_018270481_2_01827048
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076769101_2_07676910
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076726581_2_07672658
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076769101_2_07676910
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076742D01_2_076742D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076750881_2_07675088
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_07672EC81_2_07672EC8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_07672A901_2_07672A90
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_076769001_2_07676900
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00418B537_2_00418B53
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004028037_2_00402803
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004028107_2_00402810
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004190CB7_2_004190CB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004011F07_2_004011F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004032707_2_00403270
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0042F2E37_2_0042F2E3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004103237_2_00410323
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004024F07_2_004024F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004105437_2_00410543
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00402D447_2_00402D44
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00402D507_2_00402D50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00416D537_2_00416D53
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0040E5537_2_0040E553
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0040E6977_2_0040E697
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0040E6A37_2_0040E6A3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D01007_2_010D0100
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117A1187_2_0117A118
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011681587_2_01168158
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A01AA7_2_011A01AA
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011941A27_2_011941A2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011981CC7_2_011981CC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011720007_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119A3527_2_0119A352
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A03E67_2_011A03E6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE3F07_2_010EE3F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011802747_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011602C07_2_011602C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E05357_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A05917_2_011A0591
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011844207_2_01184420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011924467_2_01192446
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118E4F67_2_0118E4F6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011047507_2_01104750
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E07707_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DC7C07_2_010DC7C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FC6E07_2_010FC6E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F69627_2_010F6962
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011AA9A67_2_011AA9A6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EA8407_2_010EA840
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C68B87_2_010C68B8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E8F07_2_0110E8F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119AB407_2_0119AB40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01196BD77_2_01196BD7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA807_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117CD1F7_2_0117CD1F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EAD007_2_010EAD00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F8DBF7_2_010F8DBF
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DADE07_2_010DADE0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0C007_2_010E0C00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180CB57_2_01180CB5
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0CF27_2_010D0CF2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01100F307_2_01100F30
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01182F307_2_01182F30
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01122F287_2_01122F28
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01154F407_2_01154F40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115EFA07_2_0115EFA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D2FC87_2_010D2FC8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010ECFE07_2_010ECFE0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119EE267_2_0119EE26
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0E597_2_010E0E59
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119CE937_2_0119CE93
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2E907_2_010F2E90
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119EEDB7_2_0119EEDB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011AB16B7_2_011AB16B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111516C7_2_0111516C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CF1727_2_010CF172
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EB1B07_2_010EB1B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118F0CC7_2_0118F0CC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011970E97_2_011970E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119F0E07_2_0119F0E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119132D7_2_0119132D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CD34C7_2_010CD34C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0112739A7_2_0112739A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E52A07_2_010E52A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FB2C07_2_010FB2C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011812ED7_2_011812ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011975717_2_01197571
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117D5B07_2_0117D5B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A95C37_2_011A95C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119F43F7_2_0119F43F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D14607_2_010D1460
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119F7B07_2_0119F7B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011256307_2_01125630
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011916CC7_2_011916CC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011759107_2_01175910
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E99507_2_010E9950
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FB9507_2_010FB950
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114D8007_2_0114D800
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E38E07_2_010E38E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119FB767_2_0119FB76
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FFB807_2_010FFB80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01155BF07_2_01155BF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111DBF97_2_0111DBF9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119FA497_2_0119FA49
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01197A467_2_01197A46
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01153A6C7_2_01153A6C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01125AA07_2_01125AA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01181AA37_2_01181AA3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118DAC67_2_0118DAC6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01191D5A7_2_01191D5A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E3D407_2_010E3D40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01197D737_2_01197D73
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FFDC07_2_010FFDC0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01159C327_2_01159C32
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119FCF27_2_0119FCF2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119FF097_2_0119FF09
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E1F927_2_010E1F92
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119FFB17_2_0119FFB1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A3FD27_2_010A3FD2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A3FD57_2_010A3FD5
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E9EB07_2_010E9EB0
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_036501239_2_03650123
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_036502C09_2_036502C0
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_036502CC9_2_036502CC
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365216C9_2_0365216C
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365897C9_2_0365897C
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A7749_2_0365A774
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_03651F4C9_2_03651F4C
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_03670F0C9_2_03670F0C
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E244610_2_044E2446
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D442010_2_044D4420
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044DE4F610_2_044DE4F6
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443053510_2_04430535
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044F059110_2_044F0591
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444C6E010_2_0444C6E0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0445475010_2_04454750
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443077010_2_04430770
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0442C7C010_2_0442C7C0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044C200010_2_044C2000
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044B815810_2_044B8158
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0442010010_2_04420100
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044CA11810_2_044CA118
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E81CC10_2_044E81CC
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044F01AA10_2_044F01AA
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E41A210_2_044E41A2
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D027410_2_044D0274
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044B02C010_2_044B02C0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EA35210_2_044EA352
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044F03E610_2_044F03E6
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443E3F010_2_0443E3F0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04430C0010_2_04430C00
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04420CF210_2_04420CF2
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D0CB510_2_044D0CB5
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443AD0010_2_0443AD00
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044CCD1F10_2_044CCD1F
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0442ADE010_2_0442ADE0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04448DBF10_2_04448DBF
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04430E5910_2_04430E59
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EEE2610_2_044EEE26
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EEEDB10_2_044EEEDB
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04442E9010_2_04442E90
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044ECE9310_2_044ECE93
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044A4F4010_2_044A4F40
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04472F2810_2_04472F28
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04450F3010_2_04450F30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D2F3010_2_044D2F30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04422FC810_2_04422FC8
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443CFE010_2_0443CFE0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044AEFA010_2_044AEFA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443A84010_2_0443A840
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0445E8F010_2_0445E8F0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044168B810_2_044168B8
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444696210_2_04446962
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044FA9A610_2_044FA9A6
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0442EA8010_2_0442EA80
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EAB4010_2_044EAB40
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E6BD710_2_044E6BD7
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0442146010_2_04421460
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EF43F10_2_044EF43F
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E757110_2_044E7571
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044F95C310_2_044F95C3
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044CD5B010_2_044CD5B0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0447563010_2_04475630
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E16CC10_2_044E16CC
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EF7B010_2_044EF7B0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044DF0CC10_2_044DF0CC
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E70E910_2_044E70E9
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EF0E010_2_044EF0E0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044FB16B10_2_044FB16B
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0446516C10_2_0446516C
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0441F17210_2_0441F172
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443B1B010_2_0443B1B0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444B2C010_2_0444B2C0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D12ED10_2_044D12ED
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044352A010_2_044352A0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0441D34C10_2_0441D34C
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E132D10_2_044E132D
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0447739A10_2_0447739A
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044A9C3210_2_044A9C32
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EFCF210_2_044EFCF2
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04433D4010_2_04433D40
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E1D5A10_2_044E1D5A
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E7D7310_2_044E7D73
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444FDC010_2_0444FDC0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04439EB010_2_04439EB0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EFF0910_2_044EFF09
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04431F9210_2_04431F92
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_043F3FD510_2_043F3FD5
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_043F3FD210_2_043F3FD2
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EFFB110_2_044EFFB1
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0449D80010_2_0449D800
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044338E010_2_044338E0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0443995010_2_04439950
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444B95010_2_0444B950
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044C591010_2_044C5910
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EFA4910_2_044EFA49
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044E7A4610_2_044E7A46
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044A3A6C10_2_044A3A6C
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044DDAC610_2_044DDAC6
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_04475AA010_2_04475AA0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044D1AA310_2_044D1AA3
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044EFB7610_2_044EFB76
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_044A5BF010_2_044A5BF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0446DBF910_2_0446DBF9
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0444FB8010_2_0444FB80
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00411FB010_2_00411FB0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0040CE3010_2_0040CE30
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0040D05010_2_0040D050
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0040B06010_2_0040B060
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0040B1A410_2_0040B1A4
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0040B1B010_2_0040B1B0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0041566010_2_00415660
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0041386010_2_00413860
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0042BDF010_2_0042BDF0
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAE2E810_2_00EAE2E8
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAE40510_2_00EAE405
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAE79D10_2_00EAE79D
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAD86810_2_00EAD868
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EAE93310_2_00EAE933
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EACB0310_2_00EACB03
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 0449EA12 appears 86 times
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 04465130 appears 58 times
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 044AF290 appears 105 times
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 04477E54 appears 110 times
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 0441B970 appears 250 times
                Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 010CB970 appears 250 times
                Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 01127E54 appears 110 times
                Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 0114EA12 appears 86 times
                Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 0115F290 appears 105 times
                Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 01115130 appears 58 times
                Source: Quotation.exe, 00000001.00000002.1300223379.0000000003294000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs Quotation.exe
                Source: Quotation.exe, 00000001.00000002.1304620742.00000000058C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs Quotation.exe
                Source: Quotation.exe, 00000001.00000002.1286890729.000000000124E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quotation.exe
                Source: Quotation.exe, 00000001.00000002.1306210980.0000000007ED0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Quotation.exe
                Source: Quotation.exe, 00000007.00000002.1546282470.0000000000CB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunregmp2.exej% vs Quotation.exe
                Source: Quotation.exe, 00000007.00000002.1546792335.00000000011CD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation.exe
                Source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: periodtrackConductortrackComposertrackPerformertrackNumbertrackTitleWMContentIDpublisherRatingproviderStylealbumArtistalbumTitleWMCollectionGroupIDWMCollectionIDgenrelabelreleaseDatecommunityRatingdataProviderWM/IsCompilationAverageLevelPeakValueWM/WMCPDistributorIDWM/WMCPDistributorWM/WMShadowFileSourceDRMTypeWM/WMShadowFileSourceFileTypeWM/MediaOriginalBroadcastDateTimeWM/MediaOriginalChannelWM/MediaStationNameWM/SubTitleDescriptionWM/SubscriptionContentIDWM/ContentDistributorWM/ProviderStyleWM/ProviderRatingWM/ProviderWM/ISRCWM/DRMWM/CodecWM/PlaylistDelayWM/RadioStationOwnerWM/RadioStationNameWM/ModifiedByWM/UniqueFileIdentifierWM/WMCollectionGroupIDWM/WMCollectionIDWM/WMContentIDWM/DVDIDWM/TextWM/MoodWM/InitialKeyWM/BeatsPerMinuteWM/ParentalRatingWM/LanguageWM/AudioSourceURLWM/AudioFileURLWM/UserWebURLWM/AuthorURLWM/EncodingTimeWM/EncodingSettingsWM/EncodedByWM/PublisherWM/OriginalFilenameWM/OriginalReleaseYearWM/OriginalAlbumTitleWM/OriginalArtistWM/OriginalLyricistWM/Lyrics_SynchronisedWM/PictureWM/CategoryWM/PeriodWM/MediaClassSecondaryIDWM/MediaClassPrimaryIDWM/VideoFrameRateWM/VideoWidthWM/VideoHeightWM/ProtectionTypeWM/PartOfSetWM/SubTitleWM/ContentGroupDescriptionWM/DirectorWM/ProducerWM/ConductorWM/WriterAspectRatioYAspectRatioXWM/AlbumArtistIsVBRWM/ToolVersionWM/ToolNameWM/TrackNumberWM/LyricsWM/ComposerWM/MCDIWM/GenreIDWM/YearWM/GenreWM/AlbumCoverURLWM/PromotionURLWM/AlbumTitleDRM_IndividualizedVersionDRM_KeyIDCopyrightDescriptionAuthorTitleFileSizeCurrentBitrateIs_ProtectedDuration vs Quotation.exe
                Source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunregmp2.exej% vs Quotation.exe
                Source: Quotation.exeBinary or memory string: OriginalFilenameyfow.exe0 vs Quotation.exe
                Source: Quotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, y0R4q8lvbVUsucRoPC.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, y0R4q8lvbVUsucRoPC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, y0R4q8lvbVUsucRoPC.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, ldw86W5vOWd9MhaTCL.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, ldw86W5vOWd9MhaTCL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@18/15
                Source: C:\Users\user\Desktop\Quotation.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation.exe.logJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\unregmp2.exeFile created: C:\Users\user\AppData\Local\Temp\1f12T89Jump to behavior
                Source: Quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Quotation.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unregmp2.exe, 0000000A.00000002.3730651625.0000000000805000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1723453968.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3730651625.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3730651625.00000000007B4000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3730651625.00000000007E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Quotation.exeVirustotal: Detection: 56%
                Source: Quotation.exeReversingLabs: Detection: 52%
                Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe "C:\Users\user\Desktop\Quotation.exe"
                Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe "C:\Users\user\Desktop\Quotation.exe"
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe "C:\Users\user\Desktop\Quotation.exe"Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Quotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: unregmp2.pdb source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000002.3730779579.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000007.00000002.1546792335.00000000010A0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.00000000043F0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.000000000458E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1548182110.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1546312598.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Quotation.exe, Quotation.exe, 00000007.00000002.1546792335.00000000010A0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 0000000A.00000002.3732302629.00000000043F0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000002.3732302629.000000000458E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1548182110.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 0000000A.00000003.1546312598.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: unregmp2.pdbGCTL source: Quotation.exe, 00000007.00000002.1546282470.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000002.3730779579.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3729987946.000000000042F000.00000002.00000001.01000000.0000000A.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3729990823.000000000042F000.00000002.00000001.01000000.0000000A.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, y0R4q8lvbVUsucRoPC.cs.Net Code: YtvZqlNWXE System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_07677AF2 push eax; iretd 1_2_07677AF5
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004188CB push edi; retf 7_2_00418A34
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0041889A push edi; retf 7_2_00418A34
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0041F8B0 push ds; retf 7_2_0041F8B3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00418903 push edi; retf 7_2_00418A34
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0041F906 push es; ret 7_2_0041F90D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004189D4 push edi; retf 7_2_00418A34
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00411C71 push cs; iretd 7_2_00411C96
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_004034F0 push eax; ret 7_2_004034F2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00401D78 push ecx; iretd 7_2_00401D79
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00414DE1 push ss; ret 7_2_00414DE4
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0041A6B4 push eax; ret 7_2_0041A6B6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00418754 push edi; iretd 7_2_0041876D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A225F pushad ; ret 7_2_010A27F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A27FA pushad ; ret 7_2_010A27F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D09AD push ecx; mov dword ptr [esp], ecx7_2_010D09B6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A283D push eax; iretd 7_2_010A2858
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010A1366 push eax; iretd 7_2_010A1369
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A37D push edi; iretd 9_2_0365A396
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_03656A0A push ss; ret 9_2_03656A0D
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365C2DD push eax; ret 9_2_0365C2DF
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365389A push cs; iretd 9_2_036538BF
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A52C push edi; retf 9_2_0365A65D
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0366152F push es; ret 9_2_03661536
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A5FD push edi; retf 9_2_0365A65D
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A4F4 push edi; retf 9_2_0365A65D
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365A4C3 push edi; retf 9_2_0365A65D
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_0365ACDC push esi; iretd 9_2_0365ACDD
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeCode function: 9_2_036614D9 push ds; retf 9_2_036614DC
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_043F27FA pushad ; ret 10_2_043F27F9
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_043F225F pushad ; ret 10_2_043F27F9
                Source: Quotation.exeStatic PE information: section name: .text entropy: 7.883997237372285
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, e551Lgp8Y3JxlieJO9.csHigh entropy of concatenated method names: 'NegMsOl76O', 'cTjM1pHq72', 'xCmMwqaskm', 'JKtwvOlpAw', 'iSvwzEapra', 'YJNMn0a9iP', 'MODMoTjZ1g', 'addM3Mi1ab', 'YZJMCWSHpt', 'vr0MZkFUYQ'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, UuBmaNyc0xTEHbn6rO.csHigh entropy of concatenated method names: 'FC9147lhod', 'JJN1Q9fJxJ', 'WHt15l9ebZ', 'YtF1ywGhop', 'qWM18QSqsQ', 'PGM1XyVTM6', 'sWu1bZ08sB', 'BC416Wv1pN', 'Xy11rKd1j5', 'nEj1G6rbgp'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, y0R4q8lvbVUsucRoPC.csHigh entropy of concatenated method names: 'g3RCYX4Mi0', 'a7dCsSYvvU', 'YvfCky6LKK', 'YQYC1KqEtO', 'S6WCFTBZQ2', 'lHbCwkB1iS', 'Gt3CMf8gXP', 's2dCl3eRuD', 'BfHCuWCkc4', 'N5NCf2Vrqx'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, lX42D8vkeluATwmqyc.csHigh entropy of concatenated method names: 'QSEG15lB50', 'GCEGFHulSb', 'vsvGwFN9Dq', 'a43GMNW3Fo', 'qxfGrVoUWL', 'AsAGlkbyUi', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, uBHZkG18jEpN9ngbyL.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Fb537d0XoD', 'BjU3vjKA6Z', 'TwZ3zTmeft', 'LK9CnRZLLK', 'oC8Coaxrpu', 'RK6C3pGTt4', 'gHvCCS1R7w', 'i9BWAd2fbHvXsvVesUD'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, h8u2GJ7P7EbP4WmFTX.csHigh entropy of concatenated method names: 'KQGrUw0HbZ', 'hhDrJFcdMN', 'hS7rR31lkH', 'D6irmSS90s', 'm5Prt6vAln', 'J3EraZLLuK', 'xUhrpev02i', 'DIGrNyAXyG', 'BCbrcij8tD', 'PfCrLCHOFj'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, VsuG0rEpLllmUxm4We.csHigh entropy of concatenated method names: 'bh0FAy8OeL', 'ne5FSWcBAI', 'lmP1RyIEOk', 'RLF1mwXtm5', 'Khw1tNmplA', 'R1k1ahIRdO', 'NCp1pUedDr', 'Cgf1NtYk7v', 'ccN1cOqd0I', 'uDn1LDhSWk'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, IJ5Q65onMIbioIeC3Y3.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bXnGdmoJyM', 'vj3GIIAeB3', 'cJtGTxgojf', 'oOOG29S6Ej', 'ouDGj1elSo', 'O4gG0xh90y', 'g0FG9iWZJB'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, sAIf6FTtaHn56pNi97.csHigh entropy of concatenated method names: 'NgVP5ZtLth', 'zGoPy9NM6E', 'yGNPUxDdLw', 'HY8PJKZWy2', 'KsKPmppkjb', 'URWPtdAdPm', 'oQ1PpQQfip', 'qBCPN3Kjhn', 'janPL0EPHh', 'w6VPdLKc1X'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, ib2NIwZjeLuP6FliWJ.csHigh entropy of concatenated method names: 'couoMdw86W', 'YOWold9Mha', 'Lc0ofxTEHb', 'a6roWOBsuG', 'um4o8WeZlC', 'a4PoXY9x0E', 'Qp8uFlCaF0KLHvinf8', 'KvInMOPg47YltbjZFj', 'IqCooonw8M', 'XQfoCUI4bl'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, QYPbA1zKZhDOHJ4uJ2.csHigh entropy of concatenated method names: 'GW0GQxpln5', 'xeXG57L3rV', 'NSGGysN2NY', 'O6xGUc9TlD', 'cinGJkiTR8', 'uNmGm9go6g', 'JgZGtwDyqM', 'DnbGOAeeBW', 'qV2GgoyPra', 'zoXGiQ8UvT'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, feAiFY9yF9UWJMP29u.csHigh entropy of concatenated method names: 'cSLbfxVErm', 'Y6XbWT2csI', 'ToString', 'kcZbsteDUO', 'pBKbkY0lhb', 'O6nb101brJ', 'KMFbFNtOUp', 'PoebwnOQ8s', 'cKhbMyKvvm', 'os0bl9Cc44'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, yrbQKe2HvoL8ZC3KNi.csHigh entropy of concatenated method names: 'pCT8Lbm6E9', 'vj68I0YM9j', 'I4582o1Xha', 'RRp8jrLsB4', 'Y6r8JYAjVy', 'biw8RPR7Gk', 'QO98mKYZeJ', 'u8n8tWC9ld', 'z738aWoL9G', 'LGH8pSmFjR'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, LRDYavBLp47dIJIPQH.csHigh entropy of concatenated method names: 'SdCr83uhgW', 'uBOrbt5dx2', 'mEerr3e3Ji', 'D6srVC5yIa', 'WfcrxBhK1C', 'VFmrOsj7PV', 'Dispose', 'kZX6s4pE8D', 'QO06kZwEcV', 'tyy61IoOC3'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, Pmo6l6hgN2XueqPHiJ.csHigh entropy of concatenated method names: 'wSBbeutUp8', 'OVZbvPGtqo', 'Jgg6nUyvCd', 'RV46oZPeZ0', 'C0UbdQXZdT', 'D3QbIPJ3nk', 'LKgbTn9nRb', 'ShFb20Zi3t', 'Yt1bjMtxHt', 'cI3b0ZViCp'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, IQAaA8cEJDd1OPKpZo.csHigh entropy of concatenated method names: 'FYfMgVCueB', 'DkVMi5Sajy', 'oFKMqtZb4J', 'sleM4UXaNr', 'bBJMACjdI0', 'gYsMQffwiE', 'dEKMSnf89U', 'xo8M5Zsl9E', 'sAcMyCo0Hu', 'zd4ME5Y6fb'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, dlCo4PUY9x0EpioAV2.csHigh entropy of concatenated method names: 'KM5wYXBjJ4', 'jwywkDeweK', 'k0iwFQomrp', 'prjwMNCdlS', 'uwCwlFeIns', 'bJHFKg6X0t', 'W99FhWL0ny', 'vuWFB3oZGb', 'u4hFent53H', 'vlMF7BQLij'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, eQbWrRkZi8p9jtt5F8.csHigh entropy of concatenated method names: 'Dispose', 'A7do7IJIPQ', 'VxZ3JX92hB', 'kGrIKpajI6', 'w4DovJW71k', 'scDoz3m7AU', 'ProcessDialogKey', 'hY13n8u2GJ', 'n7E3obP4Wm', 'hTX33uX42D'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, tkbA7ZooM6MigvgdqFn.csHigh entropy of concatenated method names: 'vH6GvXJ4SR', 'LDSGzKHjdY', 'apOVnTMQYp', 'liBVo62I62', 'mPuV3H6FGd', 'BpjVCrh4N0', 'OBcVZRaPae', 'HYFVYOmSRv', 'qBWVsscEC1', 'E1tVk0q6hB'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, ldw86W5vOWd9MhaTCL.csHigh entropy of concatenated method names: 'nDck2y0YOT', 'VR4kjDXU0H', 'gCfk0tDJlK', 'Rnak9LF7MY', 'L3NkKs4gPF', 'wvSkhJCAoE', 'CRbkBPka7G', 'PHukeXt0r0', 'qCMk7GYfMx', 'V1bkveErXG'
                Source: 1.2.Quotation.exe.7ed0000.6.raw.unpack, HAKsWe3hbs5M5c8SLZ.csHigh entropy of concatenated method names: 'T5SqTRRc0', 'Qk14c1OvT', 'qZRQ9BQ3b', 'ziiSDF7qR', 'FT0yTMNfM', 'b9aE3CDRm', 'dp3A7XDYiKEsrn2sva', 'KmEKpqvNECHc2HDrcO', 'RuV6vSX2Y', 'haeGKPulf'
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5320, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD324
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD7E4
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD944
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD504
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD544
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CD1E4
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105D0154
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF9105CDA44
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: 17E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: 9510000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: 7F60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: A510000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: B510000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111096E rdtsc 7_2_0111096E
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_00EA0283 sgdt fword ptr [eax]10_2_00EA0283
                Source: C:\Users\user\Desktop\Quotation.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeWindow / User API: threadDelayed 2704Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeWindow / User API: threadDelayed 7268Jump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\unregmp2.exeAPI coverage: 2.8 %
                Source: C:\Users\user\Desktop\Quotation.exe TID: 3484Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exe TID: 2584Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7632Thread sleep count: 2704 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7632Thread sleep time: -5408000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7632Thread sleep count: 7268 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7632Thread sleep time: -14536000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe TID: 7680Thread sleep time: -90000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe TID: 7680Thread sleep count: 37 > 30Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe TID: 7680Thread sleep time: -55500s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe TID: 7680Thread sleep count: 43 > 30Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe TID: 7680Thread sleep time: -43000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\unregmp2.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 10_2_0041C890 FindFirstFileW,FindNextFileW,FindClose,10_2_0041C890
                Source: C:\Users\user\Desktop\Quotation.exeThread delayed: delay time: 30000Jump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: 1f12T89.10.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,1,
                Source: 1f12T89.10.drBinary or memory string: discord.comVMware20,11696487552f
                Source: 1f12T89.10.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: on-EU EuropeVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552O
                Source: 1f12T89.10.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: global block list test formVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: tasks.office.comVMware20,11696487552o
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,116
                Source: 1f12T89.10.drBinary or memory string: AMC password management pageVMware20,11696487552
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: COM.HKVMware20,11696487552
                Source: unregmp2.exe, 0000000A.00000002.3730651625.000000000076A000.00000004.00000020.00020000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3731253518.0000000000D09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 1f12T89.10.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rokers - EU WestVMware20,11696487552n
                Source: firefox.exe, 0000000C.00000002.1832887418.000001D5EE91C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll99
                Source: 1f12T89.10.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: dev.azure.comVMware20,11696487552j
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: 1f12T89.10.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: unregmp2.exe, 0000000A.00000002.3734964274.0000000007758000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,116
                Source: 1f12T89.10.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: 1f12T89.10.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                Source: 1f12T89.10.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: 1f12T89.10.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: 1f12T89.10.drBinary or memory string: outlook.office.comVMware20,11696487552s
                Source: 1f12T89.10.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: 1f12T89.10.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: 1f12T89.10.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: 1f12T89.10.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: 1f12T89.10.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\Quotation.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111096E rdtsc 7_2_0111096E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_00417CE3 LdrLoadDll,7_2_00417CE3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01190115 mov eax, dword ptr fs:[00000030h]7_2_01190115
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117A118 mov ecx, dword ptr fs:[00000030h]7_2_0117A118
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117A118 mov eax, dword ptr fs:[00000030h]7_2_0117A118
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117A118 mov eax, dword ptr fs:[00000030h]7_2_0117A118
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117A118 mov eax, dword ptr fs:[00000030h]7_2_0117A118
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov ecx, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov ecx, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov ecx, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov eax, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E10E mov ecx, dword ptr fs:[00000030h]7_2_0117E10E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01100124 mov eax, dword ptr fs:[00000030h]7_2_01100124
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01168158 mov eax, dword ptr fs:[00000030h]7_2_01168158
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01164144 mov eax, dword ptr fs:[00000030h]7_2_01164144
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01164144 mov eax, dword ptr fs:[00000030h]7_2_01164144
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01164144 mov ecx, dword ptr fs:[00000030h]7_2_01164144
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01164144 mov eax, dword ptr fs:[00000030h]7_2_01164144
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01164144 mov eax, dword ptr fs:[00000030h]7_2_01164144
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6154 mov eax, dword ptr fs:[00000030h]7_2_010D6154
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6154 mov eax, dword ptr fs:[00000030h]7_2_010D6154
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CC156 mov eax, dword ptr fs:[00000030h]7_2_010CC156
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4164 mov eax, dword ptr fs:[00000030h]7_2_011A4164
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4164 mov eax, dword ptr fs:[00000030h]7_2_011A4164
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115019F mov eax, dword ptr fs:[00000030h]7_2_0115019F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115019F mov eax, dword ptr fs:[00000030h]7_2_0115019F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115019F mov eax, dword ptr fs:[00000030h]7_2_0115019F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115019F mov eax, dword ptr fs:[00000030h]7_2_0115019F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118C188 mov eax, dword ptr fs:[00000030h]7_2_0118C188
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118C188 mov eax, dword ptr fs:[00000030h]7_2_0118C188
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01110185 mov eax, dword ptr fs:[00000030h]7_2_01110185
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01174180 mov eax, dword ptr fs:[00000030h]7_2_01174180
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01174180 mov eax, dword ptr fs:[00000030h]7_2_01174180
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA197 mov eax, dword ptr fs:[00000030h]7_2_010CA197
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA197 mov eax, dword ptr fs:[00000030h]7_2_010CA197
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA197 mov eax, dword ptr fs:[00000030h]7_2_010CA197
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E1D0 mov eax, dword ptr fs:[00000030h]7_2_0114E1D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E1D0 mov eax, dword ptr fs:[00000030h]7_2_0114E1D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E1D0 mov ecx, dword ptr fs:[00000030h]7_2_0114E1D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E1D0 mov eax, dword ptr fs:[00000030h]7_2_0114E1D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E1D0 mov eax, dword ptr fs:[00000030h]7_2_0114E1D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011961C3 mov eax, dword ptr fs:[00000030h]7_2_011961C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011961C3 mov eax, dword ptr fs:[00000030h]7_2_011961C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011001F8 mov eax, dword ptr fs:[00000030h]7_2_011001F8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A61E5 mov eax, dword ptr fs:[00000030h]7_2_011A61E5
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01154000 mov ecx, dword ptr fs:[00000030h]7_2_01154000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01172000 mov eax, dword ptr fs:[00000030h]7_2_01172000
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE016 mov eax, dword ptr fs:[00000030h]7_2_010EE016
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE016 mov eax, dword ptr fs:[00000030h]7_2_010EE016
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE016 mov eax, dword ptr fs:[00000030h]7_2_010EE016
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE016 mov eax, dword ptr fs:[00000030h]7_2_010EE016
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166030 mov eax, dword ptr fs:[00000030h]7_2_01166030
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA020 mov eax, dword ptr fs:[00000030h]7_2_010CA020
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CC020 mov eax, dword ptr fs:[00000030h]7_2_010CC020
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156050 mov eax, dword ptr fs:[00000030h]7_2_01156050
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D2050 mov eax, dword ptr fs:[00000030h]7_2_010D2050
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FC073 mov eax, dword ptr fs:[00000030h]7_2_010FC073
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D208A mov eax, dword ptr fs:[00000030h]7_2_010D208A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011960B8 mov eax, dword ptr fs:[00000030h]7_2_011960B8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011960B8 mov ecx, dword ptr fs:[00000030h]7_2_011960B8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C80A0 mov eax, dword ptr fs:[00000030h]7_2_010C80A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011680A8 mov eax, dword ptr fs:[00000030h]7_2_011680A8
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011520DE mov eax, dword ptr fs:[00000030h]7_2_011520DE
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011120F0 mov ecx, dword ptr fs:[00000030h]7_2_011120F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D80E9 mov eax, dword ptr fs:[00000030h]7_2_010D80E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA0E3 mov ecx, dword ptr fs:[00000030h]7_2_010CA0E3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011560E0 mov eax, dword ptr fs:[00000030h]7_2_011560E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CC0F0 mov eax, dword ptr fs:[00000030h]7_2_010CC0F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A30B mov eax, dword ptr fs:[00000030h]7_2_0110A30B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A30B mov eax, dword ptr fs:[00000030h]7_2_0110A30B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A30B mov eax, dword ptr fs:[00000030h]7_2_0110A30B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CC310 mov ecx, dword ptr fs:[00000030h]7_2_010CC310
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F0310 mov ecx, dword ptr fs:[00000030h]7_2_010F0310
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov eax, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov eax, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov eax, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov ecx, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov eax, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115035C mov eax, dword ptr fs:[00000030h]7_2_0115035C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119A352 mov eax, dword ptr fs:[00000030h]7_2_0119A352
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A634F mov eax, dword ptr fs:[00000030h]7_2_011A634F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01152349 mov eax, dword ptr fs:[00000030h]7_2_01152349
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117437C mov eax, dword ptr fs:[00000030h]7_2_0117437C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F438F mov eax, dword ptr fs:[00000030h]7_2_010F438F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F438F mov eax, dword ptr fs:[00000030h]7_2_010F438F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE388 mov eax, dword ptr fs:[00000030h]7_2_010CE388
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE388 mov eax, dword ptr fs:[00000030h]7_2_010CE388
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE388 mov eax, dword ptr fs:[00000030h]7_2_010CE388
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8397 mov eax, dword ptr fs:[00000030h]7_2_010C8397
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8397 mov eax, dword ptr fs:[00000030h]7_2_010C8397
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8397 mov eax, dword ptr fs:[00000030h]7_2_010C8397
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011743D4 mov eax, dword ptr fs:[00000030h]7_2_011743D4
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011743D4 mov eax, dword ptr fs:[00000030h]7_2_011743D4
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E3DB mov eax, dword ptr fs:[00000030h]7_2_0117E3DB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E3DB mov eax, dword ptr fs:[00000030h]7_2_0117E3DB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E3DB mov ecx, dword ptr fs:[00000030h]7_2_0117E3DB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117E3DB mov eax, dword ptr fs:[00000030h]7_2_0117E3DB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA3C0 mov eax, dword ptr fs:[00000030h]7_2_010DA3C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D83C0 mov eax, dword ptr fs:[00000030h]7_2_010D83C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D83C0 mov eax, dword ptr fs:[00000030h]7_2_010D83C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D83C0 mov eax, dword ptr fs:[00000030h]7_2_010D83C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D83C0 mov eax, dword ptr fs:[00000030h]7_2_010D83C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118C3CD mov eax, dword ptr fs:[00000030h]7_2_0118C3CD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011563C0 mov eax, dword ptr fs:[00000030h]7_2_011563C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E03E9 mov eax, dword ptr fs:[00000030h]7_2_010E03E9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011063FF mov eax, dword ptr fs:[00000030h]7_2_011063FF
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE3F0 mov eax, dword ptr fs:[00000030h]7_2_010EE3F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE3F0 mov eax, dword ptr fs:[00000030h]7_2_010EE3F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE3F0 mov eax, dword ptr fs:[00000030h]7_2_010EE3F0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C823B mov eax, dword ptr fs:[00000030h]7_2_010C823B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A625D mov eax, dword ptr fs:[00000030h]7_2_011A625D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118A250 mov eax, dword ptr fs:[00000030h]7_2_0118A250
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118A250 mov eax, dword ptr fs:[00000030h]7_2_0118A250
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6259 mov eax, dword ptr fs:[00000030h]7_2_010D6259
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01158243 mov eax, dword ptr fs:[00000030h]7_2_01158243
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01158243 mov ecx, dword ptr fs:[00000030h]7_2_01158243
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CA250 mov eax, dword ptr fs:[00000030h]7_2_010CA250
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C826B mov eax, dword ptr fs:[00000030h]7_2_010C826B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01180274 mov eax, dword ptr fs:[00000030h]7_2_01180274
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4260 mov eax, dword ptr fs:[00000030h]7_2_010D4260
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4260 mov eax, dword ptr fs:[00000030h]7_2_010D4260
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4260 mov eax, dword ptr fs:[00000030h]7_2_010D4260
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E284 mov eax, dword ptr fs:[00000030h]7_2_0110E284
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E284 mov eax, dword ptr fs:[00000030h]7_2_0110E284
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01150283 mov eax, dword ptr fs:[00000030h]7_2_01150283
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01150283 mov eax, dword ptr fs:[00000030h]7_2_01150283
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01150283 mov eax, dword ptr fs:[00000030h]7_2_01150283
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E02A0 mov eax, dword ptr fs:[00000030h]7_2_010E02A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E02A0 mov eax, dword ptr fs:[00000030h]7_2_010E02A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov eax, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov ecx, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov eax, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov eax, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov eax, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011662A0 mov eax, dword ptr fs:[00000030h]7_2_011662A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A62D6 mov eax, dword ptr fs:[00000030h]7_2_011A62D6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA2C3 mov eax, dword ptr fs:[00000030h]7_2_010DA2C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA2C3 mov eax, dword ptr fs:[00000030h]7_2_010DA2C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA2C3 mov eax, dword ptr fs:[00000030h]7_2_010DA2C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA2C3 mov eax, dword ptr fs:[00000030h]7_2_010DA2C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA2C3 mov eax, dword ptr fs:[00000030h]7_2_010DA2C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E02E1 mov eax, dword ptr fs:[00000030h]7_2_010E02E1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E02E1 mov eax, dword ptr fs:[00000030h]7_2_010E02E1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E02E1 mov eax, dword ptr fs:[00000030h]7_2_010E02E1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166500 mov eax, dword ptr fs:[00000030h]7_2_01166500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4500 mov eax, dword ptr fs:[00000030h]7_2_011A4500
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE53E mov eax, dword ptr fs:[00000030h]7_2_010FE53E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE53E mov eax, dword ptr fs:[00000030h]7_2_010FE53E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE53E mov eax, dword ptr fs:[00000030h]7_2_010FE53E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE53E mov eax, dword ptr fs:[00000030h]7_2_010FE53E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE53E mov eax, dword ptr fs:[00000030h]7_2_010FE53E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0535 mov eax, dword ptr fs:[00000030h]7_2_010E0535
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8550 mov eax, dword ptr fs:[00000030h]7_2_010D8550
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8550 mov eax, dword ptr fs:[00000030h]7_2_010D8550
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110656A mov eax, dword ptr fs:[00000030h]7_2_0110656A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110656A mov eax, dword ptr fs:[00000030h]7_2_0110656A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110656A mov eax, dword ptr fs:[00000030h]7_2_0110656A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E59C mov eax, dword ptr fs:[00000030h]7_2_0110E59C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D2582 mov eax, dword ptr fs:[00000030h]7_2_010D2582
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D2582 mov ecx, dword ptr fs:[00000030h]7_2_010D2582
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01104588 mov eax, dword ptr fs:[00000030h]7_2_01104588
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011505A7 mov eax, dword ptr fs:[00000030h]7_2_011505A7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011505A7 mov eax, dword ptr fs:[00000030h]7_2_011505A7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011505A7 mov eax, dword ptr fs:[00000030h]7_2_011505A7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F45B1 mov eax, dword ptr fs:[00000030h]7_2_010F45B1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F45B1 mov eax, dword ptr fs:[00000030h]7_2_010F45B1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A5D0 mov eax, dword ptr fs:[00000030h]7_2_0110A5D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A5D0 mov eax, dword ptr fs:[00000030h]7_2_0110A5D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D65D0 mov eax, dword ptr fs:[00000030h]7_2_010D65D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E5CF mov eax, dword ptr fs:[00000030h]7_2_0110E5CF
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E5CF mov eax, dword ptr fs:[00000030h]7_2_0110E5CF
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE5E7 mov eax, dword ptr fs:[00000030h]7_2_010FE5E7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D25E0 mov eax, dword ptr fs:[00000030h]7_2_010D25E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C5ED mov eax, dword ptr fs:[00000030h]7_2_0110C5ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C5ED mov eax, dword ptr fs:[00000030h]7_2_0110C5ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01108402 mov eax, dword ptr fs:[00000030h]7_2_01108402
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01108402 mov eax, dword ptr fs:[00000030h]7_2_01108402
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01108402 mov eax, dword ptr fs:[00000030h]7_2_01108402
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A430 mov eax, dword ptr fs:[00000030h]7_2_0110A430
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CC427 mov eax, dword ptr fs:[00000030h]7_2_010CC427
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE420 mov eax, dword ptr fs:[00000030h]7_2_010CE420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE420 mov eax, dword ptr fs:[00000030h]7_2_010CE420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CE420 mov eax, dword ptr fs:[00000030h]7_2_010CE420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01156420 mov eax, dword ptr fs:[00000030h]7_2_01156420
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118A456 mov eax, dword ptr fs:[00000030h]7_2_0118A456
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C645D mov eax, dword ptr fs:[00000030h]7_2_010C645D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110E443 mov eax, dword ptr fs:[00000030h]7_2_0110E443
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F245A mov eax, dword ptr fs:[00000030h]7_2_010F245A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115C460 mov ecx, dword ptr fs:[00000030h]7_2_0115C460
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FA470 mov eax, dword ptr fs:[00000030h]7_2_010FA470
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FA470 mov eax, dword ptr fs:[00000030h]7_2_010FA470
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FA470 mov eax, dword ptr fs:[00000030h]7_2_010FA470
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0118A49A mov eax, dword ptr fs:[00000030h]7_2_0118A49A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011044B0 mov ecx, dword ptr fs:[00000030h]7_2_011044B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115A4B0 mov eax, dword ptr fs:[00000030h]7_2_0115A4B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D64AB mov eax, dword ptr fs:[00000030h]7_2_010D64AB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D04E5 mov ecx, dword ptr fs:[00000030h]7_2_010D04E5
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01100710 mov eax, dword ptr fs:[00000030h]7_2_01100710
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C700 mov eax, dword ptr fs:[00000030h]7_2_0110C700
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0710 mov eax, dword ptr fs:[00000030h]7_2_010D0710
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114C730 mov eax, dword ptr fs:[00000030h]7_2_0114C730
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110273C mov eax, dword ptr fs:[00000030h]7_2_0110273C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110273C mov ecx, dword ptr fs:[00000030h]7_2_0110273C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110273C mov eax, dword ptr fs:[00000030h]7_2_0110273C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C720 mov eax, dword ptr fs:[00000030h]7_2_0110C720
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C720 mov eax, dword ptr fs:[00000030h]7_2_0110C720
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01154755 mov eax, dword ptr fs:[00000030h]7_2_01154755
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112750 mov eax, dword ptr fs:[00000030h]7_2_01112750
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112750 mov eax, dword ptr fs:[00000030h]7_2_01112750
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115E75D mov eax, dword ptr fs:[00000030h]7_2_0115E75D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110674D mov esi, dword ptr fs:[00000030h]7_2_0110674D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110674D mov eax, dword ptr fs:[00000030h]7_2_0110674D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110674D mov eax, dword ptr fs:[00000030h]7_2_0110674D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0750 mov eax, dword ptr fs:[00000030h]7_2_010D0750
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8770 mov eax, dword ptr fs:[00000030h]7_2_010D8770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0770 mov eax, dword ptr fs:[00000030h]7_2_010E0770
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117678E mov eax, dword ptr fs:[00000030h]7_2_0117678E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D07AF mov eax, dword ptr fs:[00000030h]7_2_010D07AF
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011847A0 mov eax, dword ptr fs:[00000030h]7_2_011847A0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DC7C0 mov eax, dword ptr fs:[00000030h]7_2_010DC7C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011507C3 mov eax, dword ptr fs:[00000030h]7_2_011507C3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F27ED mov eax, dword ptr fs:[00000030h]7_2_010F27ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F27ED mov eax, dword ptr fs:[00000030h]7_2_010F27ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F27ED mov eax, dword ptr fs:[00000030h]7_2_010F27ED
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115E7E1 mov eax, dword ptr fs:[00000030h]7_2_0115E7E1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D47FB mov eax, dword ptr fs:[00000030h]7_2_010D47FB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D47FB mov eax, dword ptr fs:[00000030h]7_2_010D47FB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E260B mov eax, dword ptr fs:[00000030h]7_2_010E260B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01112619 mov eax, dword ptr fs:[00000030h]7_2_01112619
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E609 mov eax, dword ptr fs:[00000030h]7_2_0114E609
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D262C mov eax, dword ptr fs:[00000030h]7_2_010D262C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EE627 mov eax, dword ptr fs:[00000030h]7_2_010EE627
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01106620 mov eax, dword ptr fs:[00000030h]7_2_01106620
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01108620 mov eax, dword ptr fs:[00000030h]7_2_01108620
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EC640 mov eax, dword ptr fs:[00000030h]7_2_010EC640
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01102674 mov eax, dword ptr fs:[00000030h]7_2_01102674
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A660 mov eax, dword ptr fs:[00000030h]7_2_0110A660
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A660 mov eax, dword ptr fs:[00000030h]7_2_0110A660
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119866E mov eax, dword ptr fs:[00000030h]7_2_0119866E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119866E mov eax, dword ptr fs:[00000030h]7_2_0119866E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4690 mov eax, dword ptr fs:[00000030h]7_2_010D4690
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4690 mov eax, dword ptr fs:[00000030h]7_2_010D4690
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011066B0 mov eax, dword ptr fs:[00000030h]7_2_011066B0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C6A6 mov eax, dword ptr fs:[00000030h]7_2_0110C6A6
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A6C7 mov ebx, dword ptr fs:[00000030h]7_2_0110A6C7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A6C7 mov eax, dword ptr fs:[00000030h]7_2_0110A6C7
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011506F1 mov eax, dword ptr fs:[00000030h]7_2_011506F1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011506F1 mov eax, dword ptr fs:[00000030h]7_2_011506F1
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E6F2 mov eax, dword ptr fs:[00000030h]7_2_0114E6F2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E6F2 mov eax, dword ptr fs:[00000030h]7_2_0114E6F2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E6F2 mov eax, dword ptr fs:[00000030h]7_2_0114E6F2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E6F2 mov eax, dword ptr fs:[00000030h]7_2_0114E6F2
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115C912 mov eax, dword ptr fs:[00000030h]7_2_0115C912
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8918 mov eax, dword ptr fs:[00000030h]7_2_010C8918
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8918 mov eax, dword ptr fs:[00000030h]7_2_010C8918
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E908 mov eax, dword ptr fs:[00000030h]7_2_0114E908
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114E908 mov eax, dword ptr fs:[00000030h]7_2_0114E908
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0116892B mov eax, dword ptr fs:[00000030h]7_2_0116892B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115892A mov eax, dword ptr fs:[00000030h]7_2_0115892A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01150946 mov eax, dword ptr fs:[00000030h]7_2_01150946
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4940 mov eax, dword ptr fs:[00000030h]7_2_011A4940
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115C97C mov eax, dword ptr fs:[00000030h]7_2_0115C97C
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F6962 mov eax, dword ptr fs:[00000030h]7_2_010F6962
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F6962 mov eax, dword ptr fs:[00000030h]7_2_010F6962
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F6962 mov eax, dword ptr fs:[00000030h]7_2_010F6962
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01174978 mov eax, dword ptr fs:[00000030h]7_2_01174978
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01174978 mov eax, dword ptr fs:[00000030h]7_2_01174978
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111096E mov eax, dword ptr fs:[00000030h]7_2_0111096E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111096E mov edx, dword ptr fs:[00000030h]7_2_0111096E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0111096E mov eax, dword ptr fs:[00000030h]7_2_0111096E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D09AD mov eax, dword ptr fs:[00000030h]7_2_010D09AD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D09AD mov eax, dword ptr fs:[00000030h]7_2_010D09AD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011589B3 mov esi, dword ptr fs:[00000030h]7_2_011589B3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011589B3 mov eax, dword ptr fs:[00000030h]7_2_011589B3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011589B3 mov eax, dword ptr fs:[00000030h]7_2_011589B3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011049D0 mov eax, dword ptr fs:[00000030h]7_2_011049D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119A9D3 mov eax, dword ptr fs:[00000030h]7_2_0119A9D3
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011669C0 mov eax, dword ptr fs:[00000030h]7_2_011669C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DA9D0 mov eax, dword ptr fs:[00000030h]7_2_010DA9D0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011029F9 mov eax, dword ptr fs:[00000030h]7_2_011029F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011029F9 mov eax, dword ptr fs:[00000030h]7_2_011029F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115E9E0 mov eax, dword ptr fs:[00000030h]7_2_0115E9E0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115C810 mov eax, dword ptr fs:[00000030h]7_2_0115C810
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110A830 mov eax, dword ptr fs:[00000030h]7_2_0110A830
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117483A mov eax, dword ptr fs:[00000030h]7_2_0117483A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117483A mov eax, dword ptr fs:[00000030h]7_2_0117483A
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov eax, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov eax, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov eax, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov ecx, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov eax, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F2835 mov eax, dword ptr fs:[00000030h]7_2_010F2835
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01100854 mov eax, dword ptr fs:[00000030h]7_2_01100854
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4859 mov eax, dword ptr fs:[00000030h]7_2_010D4859
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D4859 mov eax, dword ptr fs:[00000030h]7_2_010D4859
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166870 mov eax, dword ptr fs:[00000030h]7_2_01166870
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166870 mov eax, dword ptr fs:[00000030h]7_2_01166870
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115E872 mov eax, dword ptr fs:[00000030h]7_2_0115E872
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115E872 mov eax, dword ptr fs:[00000030h]7_2_0115E872
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115C89D mov eax, dword ptr fs:[00000030h]7_2_0115C89D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0887 mov eax, dword ptr fs:[00000030h]7_2_010D0887
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FE8C0 mov eax, dword ptr fs:[00000030h]7_2_010FE8C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A08C0 mov eax, dword ptr fs:[00000030h]7_2_011A08C0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C8F9 mov eax, dword ptr fs:[00000030h]7_2_0110C8F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110C8F9 mov eax, dword ptr fs:[00000030h]7_2_0110C8F9
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119A8E4 mov eax, dword ptr fs:[00000030h]7_2_0119A8E4
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114EB1D mov eax, dword ptr fs:[00000030h]7_2_0114EB1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4B00 mov eax, dword ptr fs:[00000030h]7_2_011A4B00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FEB20 mov eax, dword ptr fs:[00000030h]7_2_010FEB20
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FEB20 mov eax, dword ptr fs:[00000030h]7_2_010FEB20
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01198B28 mov eax, dword ptr fs:[00000030h]7_2_01198B28
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01198B28 mov eax, dword ptr fs:[00000030h]7_2_01198B28
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117EB50 mov eax, dword ptr fs:[00000030h]7_2_0117EB50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A2B57 mov eax, dword ptr fs:[00000030h]7_2_011A2B57
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A2B57 mov eax, dword ptr fs:[00000030h]7_2_011A2B57
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A2B57 mov eax, dword ptr fs:[00000030h]7_2_011A2B57
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A2B57 mov eax, dword ptr fs:[00000030h]7_2_011A2B57
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01184B4B mov eax, dword ptr fs:[00000030h]7_2_01184B4B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01184B4B mov eax, dword ptr fs:[00000030h]7_2_01184B4B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01178B42 mov eax, dword ptr fs:[00000030h]7_2_01178B42
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166B40 mov eax, dword ptr fs:[00000030h]7_2_01166B40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01166B40 mov eax, dword ptr fs:[00000030h]7_2_01166B40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0119AB40 mov eax, dword ptr fs:[00000030h]7_2_0119AB40
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C8B50 mov eax, dword ptr fs:[00000030h]7_2_010C8B50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010CCB7E mov eax, dword ptr fs:[00000030h]7_2_010CCB7E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01184BB0 mov eax, dword ptr fs:[00000030h]7_2_01184BB0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01184BB0 mov eax, dword ptr fs:[00000030h]7_2_01184BB0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0BBE mov eax, dword ptr fs:[00000030h]7_2_010E0BBE
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0BBE mov eax, dword ptr fs:[00000030h]7_2_010E0BBE
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0BCD mov eax, dword ptr fs:[00000030h]7_2_010D0BCD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0BCD mov eax, dword ptr fs:[00000030h]7_2_010D0BCD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0BCD mov eax, dword ptr fs:[00000030h]7_2_010D0BCD
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F0BCB mov eax, dword ptr fs:[00000030h]7_2_010F0BCB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F0BCB mov eax, dword ptr fs:[00000030h]7_2_010F0BCB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F0BCB mov eax, dword ptr fs:[00000030h]7_2_010F0BCB
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117EBD0 mov eax, dword ptr fs:[00000030h]7_2_0117EBD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115CBF0 mov eax, dword ptr fs:[00000030h]7_2_0115CBF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FEBFC mov eax, dword ptr fs:[00000030h]7_2_010FEBFC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8BF0 mov eax, dword ptr fs:[00000030h]7_2_010D8BF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8BF0 mov eax, dword ptr fs:[00000030h]7_2_010D8BF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8BF0 mov eax, dword ptr fs:[00000030h]7_2_010D8BF0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0115CA11 mov eax, dword ptr fs:[00000030h]7_2_0115CA11
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010FEA2E mov eax, dword ptr fs:[00000030h]7_2_010FEA2E
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110CA38 mov eax, dword ptr fs:[00000030h]7_2_0110CA38
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110CA24 mov eax, dword ptr fs:[00000030h]7_2_0110CA24
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F4A35 mov eax, dword ptr fs:[00000030h]7_2_010F4A35
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010F4A35 mov eax, dword ptr fs:[00000030h]7_2_010F4A35
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0A5B mov eax, dword ptr fs:[00000030h]7_2_010E0A5B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010E0A5B mov eax, dword ptr fs:[00000030h]7_2_010E0A5B
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D6A50 mov eax, dword ptr fs:[00000030h]7_2_010D6A50
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114CA72 mov eax, dword ptr fs:[00000030h]7_2_0114CA72
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0114CA72 mov eax, dword ptr fs:[00000030h]7_2_0114CA72
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0117EA60 mov eax, dword ptr fs:[00000030h]7_2_0117EA60
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110CA6F mov eax, dword ptr fs:[00000030h]7_2_0110CA6F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110CA6F mov eax, dword ptr fs:[00000030h]7_2_0110CA6F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110CA6F mov eax, dword ptr fs:[00000030h]7_2_0110CA6F
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01108A90 mov edx, dword ptr fs:[00000030h]7_2_01108A90
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010DEA80 mov eax, dword ptr fs:[00000030h]7_2_010DEA80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_011A4A80 mov eax, dword ptr fs:[00000030h]7_2_011A4A80
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8AA0 mov eax, dword ptr fs:[00000030h]7_2_010D8AA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D8AA0 mov eax, dword ptr fs:[00000030h]7_2_010D8AA0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01126AA4 mov eax, dword ptr fs:[00000030h]7_2_01126AA4
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01104AD0 mov eax, dword ptr fs:[00000030h]7_2_01104AD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01104AD0 mov eax, dword ptr fs:[00000030h]7_2_01104AD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010D0AD0 mov eax, dword ptr fs:[00000030h]7_2_010D0AD0
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01126ACC mov eax, dword ptr fs:[00000030h]7_2_01126ACC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01126ACC mov eax, dword ptr fs:[00000030h]7_2_01126ACC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01126ACC mov eax, dword ptr fs:[00000030h]7_2_01126ACC
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110AAEE mov eax, dword ptr fs:[00000030h]7_2_0110AAEE
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_0110AAEE mov eax, dword ptr fs:[00000030h]7_2_0110AAEE
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01188D10 mov eax, dword ptr fs:[00000030h]7_2_01188D10
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01188D10 mov eax, dword ptr fs:[00000030h]7_2_01188D10
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_01104D1D mov eax, dword ptr fs:[00000030h]7_2_01104D1D
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EAD00 mov eax, dword ptr fs:[00000030h]7_2_010EAD00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EAD00 mov eax, dword ptr fs:[00000030h]7_2_010EAD00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010EAD00 mov eax, dword ptr fs:[00000030h]7_2_010EAD00
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C6D10 mov eax, dword ptr fs:[00000030h]7_2_010C6D10
                Source: C:\Users\user\Desktop\Quotation.exeCode function: 7_2_010C6D10 mov eax, dword ptr fs:[00000030h]7_2_010C6D10
                Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtAllocateVirtualMemory: Direct from: 0x77172BFCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtProtectVirtualMemory: Direct from: 0x77167B2EJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtDelayExecution: Direct from: 0x77172DDCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQuerySystemInformation: Direct from: 0x77172DFCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtReadFile: Direct from: 0x77172ADCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQueryInformationProcess: Direct from: 0x77172C26Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtResumeThread: Direct from: 0x77172FBCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtWriteVirtualMemory: Direct from: 0x7717490CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtCreateUserProcess: Direct from: 0x7717371CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtOpenKeyEx: Direct from: 0x77172B9CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtNotifyChangeKey: Direct from: 0x77173C2CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtSetInformationProcess: Direct from: 0x77172C5CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtProtectVirtualMemory: Direct from: 0x77172F9CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtResumeThread: Direct from: 0x771736ACJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtMapViewOfSection: Direct from: 0x77172D1CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtWriteVirtualMemory: Direct from: 0x77172E3CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtCreateMutant: Direct from: 0x771735CCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtDeviceIoControlFile: Direct from: 0x77172AECJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtAllocateVirtualMemory: Direct from: 0x77172BECJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQueryInformationToken: Direct from: 0x77172CACJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtCreateFile: Direct from: 0x77172FECJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtOpenFile: Direct from: 0x77172DCCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtClose: Direct from: 0x77172B6C
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtSetInformationThread: Direct from: 0x771663F9Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtAllocateVirtualMemory: Direct from: 0x77173C9CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQueryAttributesFile: Direct from: 0x77172E6CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtSetInformationThread: Direct from: 0x77172B4CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtReadVirtualMemory: Direct from: 0x77172E8CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtCreateKey: Direct from: 0x77172C6CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQueryVolumeInformationFile: Direct from: 0x77172F2CJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtAllocateVirtualMemory: Direct from: 0x771748ECJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtQuerySystemInformation: Direct from: 0x771748CCJump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeNtOpenSection: Direct from: 0x77172E0CJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\Quotation.exeMemory written: C:\Users\user\Desktop\Quotation.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: NULL target: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeSection loaded: NULL target: C:\Windows\SysWOW64\unregmp2.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\unregmp2.exeThread register set: target process: 7740Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\unregmp2.exeThread APC queued: target process: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe "C:\Users\user\Desktop\Quotation.exe"Jump to behavior
                Source: C:\Program Files (x86)\VOQmIyEmwtmLGVoZpWvEJRsEBgnrJzRnmkTbgKUvsuPbnWRgzJkkz\KINGXR0SWeeumOtY.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3731346728.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000000.1467602297.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3731613936.0000000001271000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3731346728.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000000.1467602297.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3731613936.0000000001271000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3731346728.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000000.1467602297.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3731613936.0000000001271000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerW
                Source: KINGXR0SWeeumOtY.exe, 00000009.00000002.3731346728.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 00000009.00000000.1467602297.00000000012E1000.00000002.00000001.00040000.00000000.sdmp, KINGXR0SWeeumOtY.exe, 0000000B.00000002.3731613936.0000000001271000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Users\user\Desktop\Quotation.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.3732118914.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3733704972.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730543677.00000000006F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3731952033.0000000003410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546681971.0000000000FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546023455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730002341.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1547946500.0000000001DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\unregmp2.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.3732118914.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3733704972.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730543677.00000000006F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3731952033.0000000003410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546681971.0000000000FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1546023455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3730002341.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1547946500.0000000001DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		51
                Virtualization/Sandbox Evasion                		Security Account Manager51
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials113
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1635982 Sample: Quotation.exe Startdate: 12/03/2025 Architecture: WINDOWS Score: 100 31 www.vrpin.xyz 2->31 33 www.kdymqiac.xyz 2->33 35 20 other IPs or domains 2->35 45 Antivirus / Scanner detection for submitted sample 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 Yara detected FormBook 2->49 53 5 other signatures 2->53 10 Quotation.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 33->51 process4 file5 29 C:\Users\user\AppData\...\Quotation.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 Quotation.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 KINGXR0SWeeumOtY.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 unregmp2.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 KINGXR0SWeeumOtY.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 031235064.xyz 144.76.229.203, 49723, 49724, 49725 HETZNER-ASDE Germany 23->37 39 www.vrpin.xyz 13.248.169.48, 49735, 49736, 49737 AMAZON-02US United States 23->39 41 13 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.